From 1ad277c175d639dcd8974694197ce5f55553bd63 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 12 Jun 2024 19:37:15 +0200 Subject: [PATCH 01/31] unpacked api --- libcrux-ml-kem/src/ind_cca.rs | 163 ++++++++++++++++++- libcrux-ml-kem/src/ind_cca/instantiations.rs | 109 +++++++++++++ libcrux-ml-kem/src/ind_cpa.rs | 149 +++++++++++++---- libcrux-ml-kem/src/mlkem768.rs | 76 ++++++++- libcrux-ml-kem/src/polynomial.rs | 2 +- libcrux-ml-kem/src/types.rs | 23 +++ libcrux-ml-kem/src/vector/traits.rs | 2 +- 7 files changed, 481 insertions(+), 43 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 719f009b9..c17ff506b 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -6,7 +6,7 @@ use crate::{ hash_functions::Hash, ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, - types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, + types::*, utils::into_padded_array, vector::Operations, }; @@ -67,13 +67,15 @@ fn validate_public_key< ); let public_key_serialized = serialize_public_key::( - deserialized_pk, + &deserialized_pk, &public_key[RANKED_BYTES_PER_RING_ELEMENT..], ); *public_key == public_key_serialized } +/// Packed API +/// /// Generate a key pair. /// /// Depending on the `Vector` and `Hasher` used, this requires different hardware 
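Review bot: The two added lines `/// Packed API` and `///` extend the doc comment of the item that follows, so rustdoc will show "Packed API" as that item's one-line summary instead of "Generate a key pair."; the documented item itself (presumably the packed key-generation function) is outside the hunk. A section marker should be a plain comment, as the same commit does with `// Unpacked API` further down: `// Packed API` on its own line, separated from the `///` block by a blank line. The glob `types::*` in the first hunk also replaces an explicit import list; keeping the list explicit (adding the three `*Unpacked` types) keeps the file's dependencies visible.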
@@ -238,3 +240,160 @@ pub(crate) fn decapsulate< selector, ) } + +// Unpacked API +// Generate Unpacked Keys +pub(crate) fn generate_keypair_unpacked< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash +>( + randomness: [u8; KEY_GENERATION_SEED_SIZE], +) -> MlKemKeyPairUnpacked { + let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; + let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; + let (ind_cpa_private_key, ind_cpa_public_key) = crate::ind_cpa::generate_keypair_unpacked::< + K, + ETA1, + ETA1_RANDOMNESS_SIZE, + Vector, + Hasher, + >(ind_cpa_keypair_randomness); + let pk_serialized = serialize_public_key::( + &ind_cpa_public_key.t_as_ntt, &ind_cpa_public_key.seed_for_A); + let public_key_hash = Hasher::H(&pk_serialized); + + MlKemKeyPairUnpacked{private_key:ind_cpa_private_key, + public_key:ind_cpa_public_key, + public_key_hash: public_key_hash, + implicit_rejection_value:implicit_rejection_value.try_into().unwrap()} +} + +// Encapsulate with Unpacked Public Key +pub(crate) fn encapsulate_unpacked< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash +>( + public_key: &MlKemPublicKeyUnpacked, + public_key_hash: &[u8], + randomness: [u8; SHARED_SECRET_SIZE], +) -> (MlKemCiphertext, MlKemSharedSecret) { + let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); + 
to_hash[H_DIGEST_SIZE..].copy_from_slice(public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(public_key, randomness, pseudorandomness); + let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; + shared_secret_array.copy_from_slice(shared_secret); + (MlKemCiphertext::from(ciphertext), shared_secret_array) +} + +// Decapsulate with Unpacked Private Key +pub(crate) fn decapsulate_unpacked< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + Vector: Operations, + Hasher: Hash +>( + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, +) -> MlKemSharedSecret { + + let decrypted = crate::ind_cpa::decrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + C1_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + Vector + >(&key_pair.private_key, &ciphertext.value); + + let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = + 
into_padded_array(&key_pair.implicit_rejection_value); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); + let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + + let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&key_pair.public_key, decrypted, pseudorandomness); + + let selector = compare_ciphertexts_in_constant_time::( + ciphertext.as_ref(), + &expected_ciphertext, + ); + + select_shared_secret_in_constant_time( + shared_secret, + &implicit_rejection_shared_secret, + selector, + ) +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 72f17a93a..9e4d11e75 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -4,6 +4,7 @@ macro_rules! instantiate { use crate::{ MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, + types::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked} }; /// Portable generate key pair. 
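Review bot: `encapsulate_unpacked` takes `public_key_hash: &[u8]` and copies it with `to_hash[H_DIGEST_SIZE..].copy_from_slice(public_key_hash)`, which panics on any length other than `H_DIGEST_SIZE`; the same untyped parameter is repeated by the wrappers in `ind_cca/instantiations.rs` and `mlkem768.rs` in this commit. Typing it as `public_key_hash: &[u8; H_DIGEST_SIZE],` moves the length check into the type. More importantly the hash is supplied by the caller separately from the key, while `decapsulate_unpacked` uses the `public_key_hash` that `generate_keypair_unpacked` derived via `Hasher::H(&pk_serialized)`; a caller that passes a hash not belonging to `public_key` gets a ciphertext whose shared secret silently disagrees with the decapsulator's. Storing the hash inside `MlKemPublicKeyUnpacked` at key generation, or deriving it in `encapsulate_unpacked` from the serialized key, removes that mismatch path. `decapsulate_unpacked` ends at the hunk's last line.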
@@ -128,6 +129,114 @@ macro_rules! instantiate { $hash, >(private_key, ciphertext) } + + /// Unpacked API + pub(crate) fn generate_keypair_unpacked< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPairUnpacked { + crate::ind_cca::generate_keypair_unpacked::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + >(randomness) + } + + /// Portable encapsualte + pub(crate) fn encapsulate_unpacked< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize + >( + public_key: &MlKemPublicKeyUnpacked, + public_key_hash: &[u8], + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + crate::ind_cca::encapsulate_unpacked::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + $vector, + $hash, + >(public_key, public_key_hash, randomness) + } + + /// Portable decapsulate + pub fn decapsulate_unpacked< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const 
VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + >( + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + crate::ind_cca::decapsulate_unpacked::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + $vector, + $hash, + >(key_pair, ciphertext) + } } }; } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index dbe59a37c..ee5770c44 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -3,6 +3,7 @@ use crate::{ hash_functions::Hash, helper::cloop, matrix::*, + types::*, ntt::{ntt_binomially_sampled_ring_element, ntt_vector_u}, polynomial::PolynomialRingElement, sampling::sample_from_binomial_distribution, @@ -25,7 +26,7 @@ pub(crate) fn serialize_public_key< const PUBLIC_KEY_SIZE: usize, Vector: Operations, >( - t_as_ntt: [PolynomialRingElement; K], + t_as_ntt: &[PolynomialRingElement; K], seed_for_a: &[u8], ) -> [u8; PUBLIC_KEY_SIZE] { let mut public_key_serialized = [0u8; PUBLIC_KEY_SIZE]; @@ -39,7 +40,7 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] fn serialize_secret_key( - key: [PolynomialRingElement; K], + key: &[PolynomialRingElement; K], ) -> [u8; OUT_LEN] { let mut out = [0u8; OUT_LEN]; 
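Review bot: The doc comments `/// Portable encapsualte` and `/// Portable decapsulate` on the new wrappers are misspelled and, since this is the body of `instantiate!` with `$vector`/`$hash` parameters, presumably also emitted for the non-portable backends, where "Portable" is wrong; `/// Encapsulate with an unpacked public key.` and `/// Decapsulate with an unpacked key pair.` describe every instantiation. `generate_keypair_unpacked` gets only `/// Unpacked API` as its summary line, so it needs its own sentence as well. Visibility is also inconsistent: `decapsulate_unpacked` is `pub` while its two siblings are `pub(crate)`; `pub(crate) fn decapsulate_unpacked<` matches the rest of the module.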
@@ -144,18 +145,18 @@ fn sample_vector_cbd_then_ntt< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -pub(crate) fn generate_keypair< +pub(crate) fn generate_keypair_unpacked< const K: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const RANKED_BYTES_PER_RING_ELEMENT: usize, + //const PRIVATE_KEY_SIZE: usize, + //const PUBLIC_KEY_SIZE: usize, + //const RANKED_BYTES_PER_RING_ELEMENT: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, >( key_generation_seed: &[u8], -) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { +) -> (MlKemPrivateKeyUnpacked,MlKemPublicKeyUnpacked) { // (ρ,σ) := G(d) let hashed = Hasher::G(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); 
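Review bot: The renamed `generate_keypair_unpacked` keeps three commented-out const generics (`//const PRIVATE_KEY_SIZE: usize,` and the two lines below it) in its parameter list; they are dead text and should be deleted rather than commented, since the packed sizes now belong to the `generate_keypair` wrapper added in the next hunk. The doc block above the hunk still describes FIPS 203 key generation, which remains accurate, but a sentence noting that this variant returns NTT-domain key material (`MlKemPrivateKeyUnpacked`, `MlKemPublicKeyUnpacked`) rather than encoded bytes would help readers. The body continues past the hunk.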
@@ -169,23 +170,57 @@ pub(crate) fn generate_keypair< sample_vector_cbd_then_ntt::( prf_input, domain_separator, - ); + ); // tˆ := Aˆ ◦ sˆ + eˆ let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + let mut A = core::array::from_fn(|_i| { + core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) + }); + for i in 0..K { + for j in 0..K { + A[i][j] = A_transpose[j][i]; + } + } +// We would like to write the following but it is not supported by Eurydice yet. +// let A = core::array::from_fn(|i| { +// core::array::from_fn(|j| A_transpose[j][i]) +// }); + + let pk = MlKemPublicKeyUnpacked {t_as_ntt, A_transpose: A, seed_for_A : seed_for_A.try_into().unwrap()}; + let sk = MlKemPrivateKeyUnpacked {secret_as_ntt}; + (sk,pk) +} + +#[allow(non_snake_case)] +pub(crate) fn generate_keypair< + const K: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + key_generation_seed: &[u8], +) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { + let (sk,pk) = generate_keypair_unpacked::(key_generation_seed); + // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - t_as_ntt, seed_for_A, + &pk.t_as_ntt, &pk.seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) - let secret_key_serialized = serialize_secret_key(secret_as_ntt); + let secret_key_serialized = serialize_secret_key(&sk.secret_as_ntt); (secret_key_serialized, public_key_serialized) } + /// Call [`compress_then_serialize_ring_element_u`] on each ring element. fn compress_then_serialize_u< const K: usize, @@ -246,7 +281,7 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -pub(crate) fn encrypt< +pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, const T_AS_NTT_ENCODED_SIZE: usize, 
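Review bot: The new packed `generate_keypair` wrapper is added without a doc comment (only `#[allow(non_snake_case)]` precedes it), while the original doc block now sits on `generate_keypair_unpacked`; suggest `/// Generate a packed ML-KEM key pair: runs [`generate_keypair_unpacked`] and encodes the result.` The transposition loop builds a local named `A` as the element-wise transpose of the local `A_transpose` and then stores it in a field named `A_transpose`, which reads as a contradiction; a comment such as `// Store the matrix in the orientation encrypt_unpacked consumes (see compute_vector_u).` would explain it, since `encrypt_unpacked` in this commit reads `public_key.A_transpose` directly. `seed_for_A.try_into().unwrap()` cannot fail because `seed_for_A` comes from `hashed.split_at(32)`; `expect("seed_for_A is exactly 32 bytes")` would record that invariant. The `#[allow(non_snake_case)]` on the wrapper looks unnecessary now that `A_transpose` and `seed_for_A` are only reached through `pk.` field access — confirm before removing.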
@@ -262,24 +297,10 @@ pub(crate) fn encrypt< Vector: Operations, Hasher: Hash, >( - public_key: &[u8], + public_key: &MlKemPublicKeyUnpacked, message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { - // tˆ := Decode_12(pk) - let t_as_ntt = deserialize_ring_elements_reduced::( - &public_key[..T_AS_NTT_ENCODED_SIZE], - ); - - // ρ := pk + 12·k·n / 8 - // for i from 0 to k−1 do - // for j from 0 to k − 1 do - // AˆT[i][j] := Parse(XOF(ρ, i, j)) - // end for - // end for - let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; - let A_transpose = sample_matrix_A::(into_padded_array(seed), false); - // for i from 0 to k−1 do // r[i] := CBD{η1}(PRF(r, N)) // N := N + 1 @@ -305,11 +326,11 @@ pub(crate) fn encrypt< let error_2 = sample_from_binomial_distribution::(&prf_output); // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 - let u = compute_vector_u(&A_transpose, &r_as_ntt, &error_1); + let u = compute_vector_u(&public_key.A_transpose, &r_as_ntt, &error_1); // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) let message_as_ring_element = deserialize_then_decompress_message(message); - let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); + let v = compute_ring_element_v(&public_key.t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; 
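Review bot: With the `deserialize_ring_elements_reduced` call removed, `encrypt_unpacked` no longer reduces `t_as_ntt` itself, so the requirement that `public_key.t_as_ntt` holds reduced coefficients now rests on whoever builds `MlKemPublicKeyUnpacked`; its fields are `pub(crate)`, so today that is only `generate_keypair_unpacked` and the packed `encrypt`, but the precondition is not written anywhere. Suggest a doc line on the function: `/// `public_key` must come from `generate_keypair_unpacked` or `encrypt` (coefficients reduced, `A_transpose` matching `seed_for_A`).` The const generic `T_AS_NTT_ENCODED_SIZE` appears to have lost its only use with the removed slice, so it may now be dead in this signature — the body continues outside the hunk, so confirm. The function's signature starts above the hunk.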
@@ -328,6 +349,49 @@ pub(crate) fn encrypt< ciphertext } +#[allow(non_snake_case)] +pub(crate) fn encrypt< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_LEN: usize, + const C2_LEN: usize, + const U_COMPRESSION_FACTOR: usize, + const V_COMPRESSION_FACTOR: usize, + const BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + public_key: &[u8], + message: [u8; SHARED_SECRET_SIZE], + randomness: &[u8], +) -> [u8; CIPHERTEXT_SIZE] { + // tˆ := Decode_12(pk) + let t_as_ntt = deserialize_ring_elements_reduced::( + &public_key[..T_AS_NTT_ENCODED_SIZE], + ); + + // ρ := pk + 12·k·n / 8 + // for i from 0 to k−1 do + // for j from 0 to k − 1 do + // AˆT[i][j] := Parse(XOF(ρ, i, j)) + // end for + // end for + let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; + let A_transpose = sample_matrix_A::(into_padded_array(seed), false); + + let public_key_unpacked = MlKemPublicKeyUnpacked {t_as_ntt, A_transpose, seed_for_A: seed.try_into().unwrap()}; + encrypt_unpacked::( + &public_key_unpacked, message, randomness) +} + + /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] @@ -389,7 +453,7 @@ fn deserialize_secret_key( /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -pub(crate) fn decrypt< +pub(crate) fn decrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, const VECTOR_U_ENCODED_SIZE: usize, @@ -397,7 +461,7 @@ pub(crate) fn decrypt< const V_COMPRESSION_FACTOR: usize, Vector: Operations, >( - secret_key: &[u8], + secret_key: &MlKemPrivateKeyUnpacked, ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [u8; SHARED_SECRET_SIZE] { // u := Decompress_q(Decode_{d_u}(c), d_u) 
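Review bot: In the new packed `encrypt`, `seed_for_A: seed.try_into().unwrap()` makes the function panic unless the tail of `public_key` after `T_AS_NTT_ENCODED_SIZE` is exactly 32 bytes; before this change that tail only went through `into_padded_array`, so an over-long slice did not hit an `unwrap`. The callers in this crate presumably pass fixed-size public keys, but the precondition belongs in the contract: `/// `public_key` must be exactly `T_AS_NTT_ENCODED_SIZE + 32` bytes (encoded tˆ followed by ρ); other lengths panic.` together with `.expect("public key tail must be the 32-byte seed ρ")` in place of the bare `unwrap`. The wrapper also carries no doc comment since the original one moved to `encrypt_unpacked`.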
@@ -410,10 +474,27 @@ pub(crate) fn decrypt< &ciphertext[VECTOR_U_ENCODED_SIZE..], ); - // sˆ := Decode_12(sk) - let secret_as_ntt = deserialize_secret_key(secret_key); - // m := Encode_1(Compress_q(v − NTT^{−1}(sˆT ◦ NTT(u)) , 1)) - let message = compute_message(&v, &secret_as_ntt, &u_as_ntt); + let message = compute_message(&v, &secret_key.secret_as_ntt, &u_as_ntt); compress_then_serialize_message(message) } + +#[allow(non_snake_case)] +pub(crate) fn decrypt< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const VECTOR_U_ENCODED_SIZE: usize, + const U_COMPRESSION_FACTOR: usize, + const V_COMPRESSION_FACTOR: usize, + Vector: Operations, +>( + secret_key: &[u8], + ciphertext: &[u8; CIPHERTEXT_SIZE], +) -> [u8; SHARED_SECRET_SIZE] { + // sˆ := Decode_12(sk) + let secret_as_ntt = deserialize_secret_key::(secret_key); + + let secret_key_unpacked = MlKemPrivateKeyUnpacked{secret_as_ntt}; + + decrypt_unpacked::(&secret_key_unpacked, ciphertext) +} diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index a7030cb0c..92b217fc7 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,6 +1,6 @@ //! ML-KEM 512 //! -use super::{constants::*, ind_cca::*, *}; +use super::{constants::*, ind_cca::*, types::*, vector::Operations, *}; // Kyber 768 parameters const RANK_768: usize = 3; @@ -44,9 +44,15 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// Am ML-KEM 768 Key pair pub type MlKem768KeyPair = MlKemKeyPair; + /// An Unpacked ML-KEM 768 Public key + pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; + /// Am Unpacked ML-KEM 768 Key pair + pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; + + // Instantiate the different functions. macro_rules! instantiate { - ($modp:ident, $p:path) => { + ($modp:ident, $p:path, $vec:path) => { pub mod $modp { use super::*; use $p as p; 
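Review bot: The new packed `decrypt` wrapper carries `#[allow(non_snake_case)]` although every identifier in it (`secret_as_ntt`, `secret_key_unpacked`, `ciphertext`) is snake_case; the attribute can be dropped. It is also undocumented now that the original doc block moved with `decrypt_unpacked`; `/// Decrypt with a packed (encoded) secret key: decodes sˆ, then calls [`decrypt_unpacked`].` would restore a summary line.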
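Review bot: The new alias doc `/// Am Unpacked ML-KEM 768 Key pair` repeats the typo of the existing `/// Am ML-KEM 768 Key pair` line above it; `/// An unpacked ML-KEM 768 key pair` for the new line (and the same fix for the existing one, which is context here). The `$vec:path` macro parameter is undocumented; a short comment at the `macro_rules!` line naming what it selects, `// $vec: the backend vector type the unpacked key types are parameterised over`, would help.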
@@ -135,17 +141,77 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } + + // Unpacked API + pub fn generate_key_pair_unpacked(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPairUnpacked<$vec> { + p::generate_keypair_unpacked::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + pub fn encapsulate_unpacked( + public_key: &MlKem768PublicKeyUnpacked<$vec>, + public_key_hash: &[u8], + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem768Ciphertext, MlKemSharedSecret) { + p::encapsulate_unpacked::< + RANK_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, public_key_hash, randomness) + } + + pub fn decapsulate_unpacked_portable( + private_key: &MlKem768KeyPairUnpacked<$vec>, + ciphertext: &MlKem768Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate_unpacked::< + RANK_768, + SECRET_KEY_SIZE_768, + CPA_PKE_SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } }; } // Instantiations -instantiate! {portable, ind_cca::instantiations::portable} +instantiate! {portable, ind_cca::instantiations::portable, crate::vector::portable::PortableVector} #[cfg(feature = "simd256")] -instantiate! {avx2, ind_cca::instantiations::avx2} +instantiate! 
{avx2, ind_cca::instantiations::avx2, crate::vector::SIMD256Vector} #[cfg(feature = "simd128")] -instantiate! {neon, ind_cca::instantiations::neon} +instantiate! {neon, ind_cca::instantiations::neon, crate::vector::SIMD128Vector} /// Validate a public key. /// diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 479f409f6..8a7e34cd4 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -16,7 +16,7 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [FieldElementTimesMontgomeryR; 128] = pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone, Copy))] +#[derive(Clone, Copy)] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index def249817..6ea46bcfd 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -1,3 +1,6 @@ +use crate::polynomial::PolynomialRingElement; +use crate::vector::Operations; + macro_rules! impl_generic_struct { ($name:ident, $doc:expr) => { #[doc = $doc] @@ -191,3 +194,23 @@ impl (self.sk, self.pk) } } + +/// An unpacked ML-KEM Private Key +pub struct MlKemPrivateKeyUnpacked { + pub(crate) secret_as_ntt: [PolynomialRingElement; K], +} + +/// An unpacked ML-KEM Public Key +pub struct MlKemPublicKeyUnpacked { + pub(crate) t_as_ntt: [PolynomialRingElement; K], + pub(crate) seed_for_A: [u8; 32], + pub(crate) A_transpose: [[PolynomialRingElement; K]; K] +} + +/// An unpacked ML-KEM KeyPair +pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, + pub public_key_hash: [u8;32], + pub implicit_rejection_value: [u8;32] +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 9fac45c12..a2f617d1b 100644 
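Review bot: `decapsulate_unpacked_portable` is defined inside the `instantiate!` body, which the same hunk expands for `portable`, `avx2` and `neon`, so the `avx2` and `neon` modules will export a function with `_portable` in its name; `pub fn decapsulate_unpacked(` matches its two siblings `generate_key_pair_unpacked` and `encapsulate_unpacked`. Its first parameter is named `private_key` but typed `&MlKem768KeyPairUnpacked<$vec>`, i.e. the whole key pair; `key_pair:` would match the `ind_cca` signature it forwards to. The three `pub fn` wrappers are the crate's public surface for this API and carry no doc comments; each needs at least a one-line `///` summary.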
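Review bot: Replacing `#[cfg_attr(eurydice, derive(Clone, Copy))]` with an unconditional `#[derive(Clone, Copy)]` makes `PolynomialRingElement` implicitly copyable in normal Rust builds, apparently to allow `A[i][j] = A_transpose[j][i]` in the new keygen; the reason is not recorded at the struct. Since `[[PolynomialRingElement; K]; K]` and secret-bearing `[PolynomialRingElement; K]` values now copy silently on assignment and by-value passing, a comment such as `// Copy is needed for the matrix transpose in ind_cpa::generate_keypair_unpacked; beware implicit copies of secret ring elements.` would keep future readers from introducing unintended copies of key material.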
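Review bot: `MlKemKeyPairUnpacked` exposes `public_key_hash` and `implicit_rejection_value` as `pub` fields, so code outside the crate can overwrite them on a key pair obtained from `generate_keypair_unpacked`; `decapsulate_unpacked` in this commit uses both values as-is (`&key_pair.public_key_hash`, `&key_pair.implicit_rejection_value`) without re-deriving or checking them, so an inconsistent hash yields a shared secret that silently disagrees with encapsulation. Prefer `pub(crate)` fields with read accessors, as the other two structs here do, or at least document the invariant on the struct: `/// `public_key_hash` must equal H of the serialized `public_key`; `implicit_rejection_value` is the second half of the key-generation randomness.` The `seed_for_A` and `A_transpose` fields will also trigger `non_snake_case` warnings unless the crate allows that lint more widely, which is not visible here.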
--- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -3,7 +3,7 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R -pub(crate) trait Operations: Copy + Clone { +pub trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; From 33923e960587b37d75bca1ee3b849a835901ded0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 12 Jun 2024 19:42:53 +0200 Subject: [PATCH 02/31] merged and fmt --- libcrux-ml-kem/src/ind_cca.rs | 50 +++++----- libcrux-ml-kem/src/ind_cca/instantiations.rs | 10 +- libcrux-ml-kem/src/ind_cpa.rs | 96 ++++++++++++++------ libcrux-ml-kem/src/mlkem768.rs | 18 ++-- libcrux-ml-kem/src/types.rs | 18 ++-- 5 files changed, 114 insertions(+), 78 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index c17ff506b..66261978e 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -75,7 +75,7 @@ fn validate_public_key< } /// Packed API -/// +/// /// Generate a key pair. /// /// Depending on the `Vector` and `Hasher` used, this requires different hardware @@ -241,7 +241,7 @@ pub(crate) fn decapsulate< ) } -// Unpacked API +// Unpacked API // Generate Unpacked Keys pub(crate) fn generate_keypair_unpacked< const K: usize, 
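Review bot: Widening `Operations` from `pub(crate)` to `pub` turns the whole backend-vector trait (every method, e.g. `ZERO()`) into public API, apparently only so that `MlKemKeyPairUnpacked<K, Vector>` can be named by users; a semver-visible trait that downstream crates can also implement is more than the unpacked types need. Sealing it keeps the name public while reserving the implementations: `pub trait Operations: Copy + Clone + private::Sealed {` plus `mod private { pub trait Sealed {} }` with `impl Sealed` for the crate's vector types. The trait's remaining body is outside the hunk.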
@@ -252,27 +252,28 @@ pub(crate) fn generate_keypair_unpacked< const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, - Hasher: Hash + Hasher: Hash, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> MlKemKeyPairUnpacked { +) -> MlKemKeyPairUnpacked { let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let (ind_cpa_private_key, ind_cpa_public_key) = crate::ind_cpa::generate_keypair_unpacked::< - K, - ETA1, - ETA1_RANDOMNESS_SIZE, - Vector, - Hasher, - >(ind_cpa_keypair_randomness); + let (ind_cpa_private_key, ind_cpa_public_key) = + crate::ind_cpa::generate_keypair_unpacked::( + ind_cpa_keypair_randomness, + ); let pk_serialized = serialize_public_key::( - &ind_cpa_public_key.t_as_ntt, &ind_cpa_public_key.seed_for_A); + &ind_cpa_public_key.t_as_ntt, + &ind_cpa_public_key.seed_for_A, + ); let public_key_hash = Hasher::H(&pk_serialized); - - MlKemKeyPairUnpacked{private_key:ind_cpa_private_key, - public_key:ind_cpa_public_key, - public_key_hash: public_key_hash, - implicit_rejection_value:implicit_rejection_value.try_into().unwrap()} + + MlKemKeyPairUnpacked { + private_key: ind_cpa_private_key, + public_key: ind_cpa_public_key, + public_key_hash: public_key_hash, + implicit_rejection_value: implicit_rejection_value.try_into().unwrap(), + } } // Encapsulate with Unpacked Public Key @@ -291,9 +292,9 @@ pub(crate) fn encapsulate_unpacked< const ETA2: usize, const ETA2_RANDOMNESS_SIZE: usize, Vector: Operations, - Hasher: Hash + Hasher: Hash, >( - public_key: &MlKemPublicKeyUnpacked, + public_key: &MlKemPublicKeyUnpacked, public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { 
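Review bot: In the reformatted struct literal at the end of `generate_keypair_unpacked`, `public_key_hash: public_key_hash,` can use field-init shorthand, `public_key_hash,` (clippy's `redundant_field_names` flags it). The rest of the hunk is rustfmt output and needs nothing further.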
@@ -302,7 +303,7 @@ pub(crate) fn encapsulate_unpacked< let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); - + let ciphertext = crate::ind_cpa::encrypt_unpacked::< K, CIPHERTEXT_SIZE, @@ -343,19 +344,18 @@ pub(crate) fn decapsulate_unpacked< const ETA2_RANDOMNESS_SIZE: usize, const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, Vector: Operations, - Hasher: Hash + Hasher: Hash, >( - key_pair: &MlKemKeyPairUnpacked, + key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - let decrypted = crate::ind_cpa::decrypt_unpacked::< K, CIPHERTEXT_SIZE, C1_SIZE, VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, - Vector + Vector, >(&key_pair.private_key, &ciphertext.value); let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); @@ -396,4 +396,4 @@ pub(crate) fn decapsulate_unpacked< &implicit_rejection_shared_secret, selector, ) -} \ No newline at end of file +} diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 9e4d11e75..520cdf49f 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -2,9 +2,9 @@ macro_rules! instantiate { ($modp:ident, $vector:path, $hash:path) => { pub mod $modp { use crate::{ + types::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked}, MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, - types::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked} }; /// Portable generate key pair. @@ -141,7 +141,7 @@ macro_rules! instantiate { const ETA1_RANDOMNESS_SIZE: usize, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKemKeyPairUnpacked { + ) -> MlKemKeyPairUnpacked { crate::ind_cca::generate_keypair_unpacked::< K, CPA_PRIVATE_KEY_SIZE, 
@@ -169,9 +169,9 @@ macro_rules! instantiate { const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize + const ETA2_RANDOMNESS_SIZE: usize, >( - public_key: &MlKemPublicKeyUnpacked, + public_key: &MlKemPublicKeyUnpacked, public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { @@ -213,7 +213,7 @@ macro_rules! instantiate { const ETA2_RANDOMNESS_SIZE: usize, const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, >( - key_pair: &MlKemKeyPairUnpacked, + key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { crate::ind_cca::decapsulate_unpacked::< diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index ee5770c44..d623e5051 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -3,7 +3,6 @@ use crate::{ hash_functions::Hash, helper::cloop, matrix::*, - types::*, ntt::{ntt_binomially_sampled_ring_element, ntt_vector_u}, polynomial::PolynomialRingElement, sampling::sample_from_binomial_distribution, @@ -14,6 +13,7 @@ use crate::{ deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element, serialize_uncompressed_ring_element, }, + types::*, utils::into_padded_array, vector::Operations, }; @@ -156,7 +156,10 @@ pub(crate) fn generate_keypair_unpacked< Hasher: Hash, >( key_generation_seed: &[u8], -) -> (MlKemPrivateKeyUnpacked,MlKemPublicKeyUnpacked) { +) -> ( + MlKemPrivateKeyUnpacked, + MlKemPublicKeyUnpacked, +) { // (ρ,σ) := G(d) let hashed = Hasher::G(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); @@ -170,7 +173,7 @@ pub(crate) fn generate_keypair_unpacked< sample_vector_cbd_then_ntt::( prf_input, domain_separator, - ); + ); // tˆ := Aˆ ◦ sˆ + eˆ let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); 
@@ -180,17 +183,21 @@ pub(crate) fn generate_keypair_unpacked< }); for i in 0..K { for j in 0..K { - A[i][j] = A_transpose[j][i]; - } + A[i][j] = A_transpose[j][i]; + } } -// We would like to write the following but it is not supported by Eurydice yet. -// let A = core::array::from_fn(|i| { -// core::array::from_fn(|j| A_transpose[j][i]) -// }); - - let pk = MlKemPublicKeyUnpacked {t_as_ntt, A_transpose: A, seed_for_A : seed_for_A.try_into().unwrap()}; - let sk = MlKemPrivateKeyUnpacked {secret_as_ntt}; - (sk,pk) + // We would like to write the following but it is not supported by Eurydice yet. + // let A = core::array::from_fn(|i| { + // core::array::from_fn(|j| A_transpose[j][i]) + // }); + + let pk = MlKemPublicKeyUnpacked { + t_as_ntt, + A_transpose: A, + seed_for_A: seed_for_A.try_into().unwrap(), + }; + let sk = MlKemPrivateKeyUnpacked { secret_as_ntt }; + (sk, pk) } #[allow(non_snake_case)] @@ -206,12 +213,15 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - let (sk,pk) = generate_keypair_unpacked::(key_generation_seed); + let (sk, pk) = generate_keypair_unpacked::( + key_generation_seed, + ); // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - &pk.t_as_ntt, &pk.seed_for_A, + &pk.t_as_ntt, + &pk.seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) @@ -220,7 +230,6 @@ pub(crate) fn generate_keypair< (secret_key_serialized, public_key_serialized) } - /// Call [`compress_then_serialize_ring_element_u`] on each ring element. fn compress_then_serialize_u< const K: usize, @@ -297,7 +306,7 @@ pub(crate) fn encrypt_unpacked< Vector: Operations, Hasher: Hash, >( - public_key: &MlKemPublicKeyUnpacked, + public_key: &MlKemPublicKeyUnpacked, message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { 
@@ -330,7 +339,12 @@ pub(crate) fn encrypt_unpacked< // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) let message_as_ring_element = deserialize_then_decompress_message(message); - let v = compute_ring_element_v(&public_key.t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); + let v = compute_ring_element_v( + &public_key.t_as_ntt, + &r_as_ntt, + &error_2, + &message_as_ring_element, + ); let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; @@ -384,14 +398,29 @@ pub(crate) fn encrypt< let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; let A_transpose = sample_matrix_A::(into_padded_array(seed), false); - let public_key_unpacked = MlKemPublicKeyUnpacked {t_as_ntt, A_transpose, seed_for_A: seed.try_into().unwrap()}; - encrypt_unpacked::( - &public_key_unpacked, message, randomness) + let public_key_unpacked = MlKemPublicKeyUnpacked { + t_as_ntt, + A_transpose, + seed_for_A: seed.try_into().unwrap(), + }; + encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_LEN, + C2_LEN, + U_COMPRESSION_FACTOR, + V_COMPRESSION_FACTOR, + BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&public_key_unpacked, message, randomness) } - /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] @@ -461,7 +490,7 @@ pub(crate) fn decrypt_unpacked< const V_COMPRESSION_FACTOR: usize, Vector: Operations, >( - secret_key: &MlKemPrivateKeyUnpacked, + secret_key: &MlKemPrivateKeyUnpacked, ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [u8; SHARED_SECRET_SIZE] { // u := Decompress_q(Decode_{d_u}(c), d_u) 
@@ -492,9 +521,16 @@ pub(crate) fn decrypt< ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [u8; SHARED_SECRET_SIZE] { // sˆ := Decode_12(sk) - let secret_as_ntt = deserialize_secret_key::(secret_key); - - let secret_key_unpacked = MlKemPrivateKeyUnpacked{secret_as_ntt}; - - decrypt_unpacked::(&secret_key_unpacked, ciphertext) + let secret_as_ntt = deserialize_secret_key::(secret_key); + + let secret_key_unpacked = MlKemPrivateKeyUnpacked { secret_as_ntt }; + + decrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + VECTOR_U_ENCODED_SIZE, + U_COMPRESSION_FACTOR, + V_COMPRESSION_FACTOR, + Vector, + >(&secret_key_unpacked, ciphertext) } diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 92b217fc7..7b9ff1b08 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -44,11 +44,10 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// Am ML-KEM 768 Key pair pub type MlKem768KeyPair = MlKemKeyPair; - /// An Unpacked ML-KEM 768 Public key - pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; - /// Am Unpacked ML-KEM 768 Key pair - pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; - +/// An Unpacked ML-KEM 768 Public key +pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; +/// Am Unpacked ML-KEM 768 Key pair +pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { @@ -143,7 +142,9 @@ macro_rules! instantiate { } // Unpacked API - pub fn generate_key_pair_unpacked(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPairUnpacked<$vec> { + pub fn generate_key_pair_unpacked( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem768KeyPairUnpacked<$vec> { p::generate_keypair_unpacked::< RANK_768, CPA_PKE_SECRET_KEY_SIZE_768, @@ -154,7 +155,7 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, >(randomness) } - + pub fn encapsulate_unpacked( public_key: &MlKem768PublicKeyUnpacked<$vec>, public_key_hash: &[u8], 
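Review bot: The doc comment on the re-indented `MlKem768KeyPairUnpacked` alias reads `/// Am Unpacked ML-KEM 768 Key pair`; it should be `/// An Unpacked ML-KEM 768 Key pair` (the packed alias in the context line above has the same typo). Neither unpacked alias doc says what "unpacked" means for a caller; a sentence such as `/// Key material kept in its deserialized, NTT-domain form, so repeated operations do not re-parse the encoded key.` would help, assuming that is the intent of the struct fields introduced in `types.rs` in this same patch.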
@@ -176,7 +177,7 @@ macro_rules! instantiate { ETA2_RANDOMNESS_SIZE, >(public_key, public_key_hash, randomness) } - + pub fn decapsulate_unpacked_portable( private_key: &MlKem768KeyPairUnpacked<$vec>, ciphertext: &MlKem768Ciphertext, @@ -200,7 +201,6 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } - } }; } diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index 6ea46bcfd..d1a9cc110 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -196,21 +196,21 @@ impl } /// An unpacked ML-KEM Private Key -pub struct MlKemPrivateKeyUnpacked { +pub struct MlKemPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } /// An unpacked ML-KEM Public Key -pub struct MlKemPublicKeyUnpacked { +pub struct MlKemPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], - pub(crate) A_transpose: [[PolynomialRingElement; K]; K] + pub(crate) A_transpose: [[PolynomialRingElement; K]; K], } /// An unpacked ML-KEM KeyPair -pub struct MlKemKeyPairUnpacked { - pub private_key: MlKemPrivateKeyUnpacked, - pub public_key: MlKemPublicKeyUnpacked, - pub public_key_hash: [u8;32], - pub implicit_rejection_value: [u8;32] -} \ No newline at end of file +pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, + pub public_key_hash: [u8; 32], + pub implicit_rejection_value: [u8; 32], +} From a21d93954f2642cf9c1438316c194c7857c35c27 Mon Sep 17 00:00:00 2001 
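Review bot: `MlKemPublicKeyUnpacked` in the `types.rs` hunk holds `t_as_ntt`, `seed_for_A` and `A_transpose` but not the public-key hash, which lives only in `MlKemKeyPairUnpacked::public_key_hash`; as a result the encapsulation entry points generated later in this series take `public_key_hash` as a separate caller-supplied slice, so a caller can pair a key with the wrong hash and the two sides derive different secrets without any error. Carrying the hash inside the public-key struct (or recomputing it as the packed API does) removes that misuse path. Separately, `private_key` and `implicit_rejection_value` are `pub` fields on a type that derives nothing here, and no `Drop` or zeroization impl is visible in this hunk; if that is deliberate, a `///` comment on each field stating that they are secret and that the caller owns their lifetime would be the minimum documentation for a public API. The struct definitions appear to be complete within the hunk.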
From: Franziskus Kiefer Date: Wed, 12 Jun 2024 20:06:57 +0200 Subject: [PATCH 03/31] small reorg to extract c --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 21 +- .../c/internal/libcrux_mlkem_avx2.h | 15 + .../c/internal/libcrux_mlkem_portable.h | 15 + libcrux-ml-kem/c/libcrux_core.c | 14 + libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 33 + libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 16 + libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 33 + libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 16 + libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 33 + libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 16 + libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 33 + libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 16 + libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1340 ++++++++++++---- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 25 + libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1393 ++++++++++++----- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 25 + libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/ind_cca/instantiations.rs | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 19 +- libcrux-ml-kem/src/types.rs | 40 +- libcrux-ml-kem/src/vector/traits.rs | 9 +- 24 files changed, 2378 insertions(+), 746 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 0da0e1229..319549631 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,4 +2,4 @@ This code was generated with the following tools: Charon: 0b8b7a82c2a18f65ab9df16f222d52594c17f59c Eurydice: ec9da30ba3723647ca6f03810cfcfd418bd48bf8 Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 -F*: \ No newline at end of file +F*: diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9e3db79d7..55cf78d2d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
@@ -151,6 +151,19 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_ void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +typedef struct + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[32U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError self, + uint8_t ret[32U]); + void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); @@ -166,7 +179,7 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -179,7 +192,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_arr typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; 
@@ -192,7 +205,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_arr typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -210,7 +223,7 @@ typedef struct core_option_Option__Eurydice_slice_uint8_t_s { typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ffea50616..be7659412 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
@@ -21,15 +21,30 @@ extern "C" { bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index e33f8010e..31dfad8ce 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -42,15 +42,30 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 030415b38..cacd1a0f8 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -272,6 +272,20 @@ void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } +void core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError self, + uint8_t ret[32U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[32U]; + memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; 
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e139b26ab..836649df0 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -128,11 +128,11 @@ typedef struct #define core_result_Err 1 typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 848b46be2..baa3138e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -97,6 +97,15 @@ bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_11 public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -106,6 +115,20 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -117,6 +140,16 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184 uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4fc0e2978..f185545dc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -14,6 +14,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, 
@@ -52,15 +53,30 @@ libcrux_ml_kem_mlkem512_avx2_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 58a1c1e90..60f7c32ec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -133,6 +133,15 @@ bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_ public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -142,6 +151,20 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152si uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -153,6 +176,16 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 40bd5b724..170f8aff1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -14,6 +14,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, 
@@ -68,15 +69,30 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168si bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index b4ded9ed6..e4da24aa1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -16,6 +16,16 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -27,6 +37,20 @@ libcrux_ml_kem_mlkem768_avx2_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -35,6 +59,15 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 9d0c5e1f2..aa5d8e95e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h 
@@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1981d0c6c..411a305c9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c 
@@ -16,6 +16,16 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, @@ -27,6 +37,20 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; 
@@ -35,6 +59,15 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 190d95aa7..460f0601d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
@@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_portable.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 8445a7bbe..eadea3f27 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -1672,7 +1672,7 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], + *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for ( @@ -1710,7 +1710,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -1718,16 +1718,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1152U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), 
@@ -1749,12 +1742,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____0, @@ -1765,6 +1753,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__; + static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -2576,8 +2572,23 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -2590,10 +2601,10 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -2627,6 +2638,16 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[3U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[3U]; memcpy( 
@@ -2634,27 +2655,51 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[3U][3U]; + memcpy( + uu____5, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)3U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6[3U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__){ + .fst = sk, .snd = pk}); } static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -2665,6 +2710,92 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, 
ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + key_generation_seed); + 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1152U]; + memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____2, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -2767,41 +2898,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -3528,23 +3624,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -3588,7 +3671,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[3U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3597,7 +3680,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[3U]; 
@@ -3621,6 +3704,153 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1088U]; + memcpy(uu____3, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U][3U]; + memcpy( + uu____1, 
A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -4111,64 +4341,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Ve return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4243,8 +4415,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[3U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( 
@@ -4254,14 +4428,10 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( message, ret0); 
@@ -4277,6 +4447,162 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, 
Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + 
deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -4399,7 +4725,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], + *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for ( @@ -4437,7 +4763,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -4445,16 +4771,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1536U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), 
@@ -4476,12 +4795,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____0, 
@@ -4492,6 +4806,28 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; +} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; +} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___s { + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__; + static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -4970,8 +5306,23 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); 
@@ -4984,10 +5335,10 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -5021,6 +5372,16 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[4U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[4U]; memcpy( 
@@ -5028,26 +5389,80 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[4U][4U]; + memcpy( + uu____5, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6[4U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__){ + .fst = sk, .snd = pk}); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + key_generation_seed); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + sk = uu____0.fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t pk = + uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1536U]; + memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t 
uu____3[1568U]; + memcpy(uu____3, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____2, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -5442,23 +5857,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -5502,7 +5904,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[4U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5511,7 +5913,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[4U]; 
@@ -5535,6 +5937,68 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U][4U]; + memcpy( + uu____1, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -5597,6 +6061,41 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib return lit; } +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( Eurydice_slice serialized) { 
@@ -5683,41 +6182,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Ve return uu____0; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5742,8 +6206,10 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[4U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( 
@@ -5753,17 +6219,40 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + message = + compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + &v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector secret_as_ntt[4U]; deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - message = - compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( - message, ret0); + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5899,7 +6388,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], + *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for ( @@ -5937,7 +6426,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -5945,16 +6434,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[768U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), 
@@ -5976,12 +6458,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uu____0, 
@@ -5992,6 +6469,28 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; +} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; +} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___s { + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__; + static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -6463,8 +6962,23 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -6477,10 +6991,10 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -6514,6 +7028,16 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[2U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[2U]; memcpy( 
@@ -6521,26 +7045,80 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; + uu____5[2U][2U]; + memcpy( + uu____5, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____6[2U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t sk; memcpy( - uu____5, secret_as_ntt, + sk.secret_as_ntt, uu____6, (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__){ + .fst = sk, .snd = pk}); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + key_generation_seed); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + sk = uu____0.fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t pk = + uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[768U]; + memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____3[800U]; + 
memcpy(uu____3, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____2, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -6921,23 +7499,10 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -6981,7 +7546,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[2U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6990,7 +7555,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[2U]; 
@@ -7014,6 +7579,68 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U][2U]; + memcpy( + uu____1, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -7076,6 +7703,41 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib return lit; } +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( uint8_t *ciphertext, 
@@ -7121,41 +7783,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7180,8 +7807,10 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[2U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( 
@@ -7191,20 +7820,43 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} 
+ static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 1a43363a5..6e7348c04 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -286,6 +286,31 @@ typedef struct core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[3U][3U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + #if defined(__cplusplus) } #endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 95917c799..a45e3e541 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -2343,7 +2343,7 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVect static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[4U], + *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for ( @@ -2381,7 +2381,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -2389,16 +2389,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[1536U]; serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), 
@@ -2420,12 +2413,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( uu____0, 
@@ -2436,6 +2424,29 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; +} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t; + +typedef struct + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; +} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t; + +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___s { + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__; + static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -3206,8 +3217,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); 
@@ -3220,10 +3247,10 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -3257,6 +3284,16 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h t_as_ntt[4U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____4[4U]; memcpy( 
@@ -3264,26 +3301,82 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[4U]; + uu____5[4U][4U]; + memcpy( + uu____5, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6[4U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + sk; memcpy( - uu____5, secret_as_ntt, + sk.secret_as_ntt, uu____6, (size_t)4U * sizeof( 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__){ + .fst = sk, .snd = pk}); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + key_generation_seed); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + sk = uu____0.fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, 
public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1536U]; + memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____2, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -3987,23 +4080,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableV } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -4047,7 +4127,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector u[4U]; compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -4056,7 +4136,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____5[4U]; 
@@ -4080,6 +4160,68 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[4U][4U]; + memcpy( + uu____1, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + public_key_unpacked; + memcpy( + 
public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [4U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -4142,6 +4284,64 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + static inline libcrux_ml_kem_vector_portable_PortableVector decompress_ciphertext_coefficient___10int32_t( libcrux_ml_kem_vector_portable_PortableVector v) { 
@@ -4413,88 +4613,30 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_Porta } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); +subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + b) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + 
self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; } - return re; + return b; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - Eurydice_slice secret_key, +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector 
- *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *v, + *v, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector 
@@ -4545,8 +4687,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector u_as_ntt[4U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( 
@@ -4556,20 +4700,43 @@ decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408si Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector message = compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, 
ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; @@ -4702,7 +4869,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[3U], + *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for ( @@ -4740,7 +4907,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[3U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -4748,16 +4915,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[1152U]; serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), 
@@ -4779,12 +4939,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( uu____0, @@ -4795,6 +4950,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__; + static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -5218,8 +5381,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -5232,10 +5411,10 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -5269,6 +5448,16 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h t_as_ntt[3U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____4[3U]; memcpy( 
@@ -5276,27 +5465,51 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[3U]; + uu____5[3U][3U]; memcpy( - uu____5, secret_as_ntt, + uu____5, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + pk; + memcpy( + pk.t_as_ntt, uu____4, (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)3U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6[3U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__){ + .fst = sk, .snd = pk}); } static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -5307,6 +5520,92 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ + uu____0 = + 
generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1152U]; + memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____2, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -5409,41 +5708,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -5696,23 +5960,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableV } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -5756,7 +6007,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector u[3U]; compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -5765,7 +6016,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____5[3U]; 
@@ -5789,6 +6040,153 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1088U]; + memcpy(uu____3, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT 
+ + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[3U][3U]; + memcpy( + uu____1, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -5937,6 +6335,134 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_Porta return uu____0; } +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result, &product);); + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &result); + result = + subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + return result; +} + +static void +decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + u_as_ntt[3U]; + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + ciphertext, u_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + message = + compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + &v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void PRF___3size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( Eurydice_slice secret_key, 
@@ -5972,65 +6498,33 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - &result); - result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); - return result; -} - static void decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( - ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector secret_as_ntt[3U]; deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - &v, secret_as_ntt, u_as_ntt); + uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( - message, ret0); + decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___3size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - void 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6153,7 +6647,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - key[2U], + *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for ( @@ -6191,7 +6685,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s static inline void serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
@@ -6199,16 +6693,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); uint8_t ret0[768U]; serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -6230,12 +6717,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( uu____0, 
@@ -6246,6 +6728,29 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; +} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t; + +typedef struct + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; +} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t; + +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___s { + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__; + static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -6680,8 +7185,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static void +closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -6694,10 +7215,10 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -6731,6 +7252,16 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h t_as_ntt[2U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____4[2U]; memcpy( 
@@ -6738,26 +7269,82 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____5[2U]; + uu____5[2U][2U]; + memcpy( + uu____5, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____6[2U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + sk; memcpy( - uu____5, secret_as_ntt, + sk.secret_as_ntt, uu____6, (size_t)2U * sizeof( 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__){ + .fst = sk, .snd = pk}); +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + key_generation_seed); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + sk = uu____0.fst; + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, 
(size_t)800U * sizeof(uint8_t)); + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[768U]; + memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____3[800U]; + memcpy(uu____3, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____2, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -7122,23 +7709,10 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -7182,7 +7756,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector u[2U]; compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector @@ -7191,7 +7765,7 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector uu____5[2U]; 
@@ -7215,6 +7789,68 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +static void +encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____1[2U][2U]; + memcpy( + uu____1, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + public_key_unpacked; + memcpy( + 
public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + [2U])); + MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -7277,6 +7913,41 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); +} + static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( uint8_t *ciphertext, 
@@ -7322,41 +7993,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector 
@@ -7382,8 +8018,10 @@ compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector u_as_ntt[2U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( 
@@ -7393,20 +8031,43 @@ decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector message = compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + &secret_key_unpacked, 
ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void PRF___2size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 2afec0115..7931abfa7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -310,6 +310,31 @@ typedef struct libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + secret_as_ntt[3U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + A_transpose[3U][3U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 66261978e..ac54b1637 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs 
@@ -6,7 +6,7 @@ use crate::{ hash_functions::Hash, ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, - types::*, + types::{unpacked::*, *}, utils::into_padded_array, vector::Operations, }; diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 520cdf49f..1e47cd76a 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -2,7 +2,7 @@ macro_rules! instantiate { ($modp:ident, $vector:path, $hash:path) => { pub mod $modp { use crate::{ - types::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked}, + types::unpacked::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked}, MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index d623e5051..650fba3bc 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -13,7 +13,7 @@ use crate::{ deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element, serialize_uncompressed_ring_element, }, - types::*, + types::unpacked::*, utils::into_padded_array, vector::Operations, }; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 7b9ff1b08..5540544aa 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,6 +1,13 @@ //! ML-KEM 512 //! -use super::{constants::*, ind_cca::*, types::*, vector::Operations, *}; +use vector::traits::VectorType; + +use super::{ + constants::*, + ind_cca::*, + types::{unpacked::*, *}, + *, +}; // Kyber 768 parameters const RANK_768: usize = 3; 
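Review bot: The module header this hunk sits under still reads `//! ML-KEM 512` although the file is `mlkem768.rs` and the constants right below it are the 768 parameters (`const RANK_768: usize = 3`); the line is unchanged context, so the commit does not introduce it, but since the hunk already rewrites the lines directly beneath it, `//! ML-KEM 768` could go in with it. The ind_cca.rs hunk earlier on this line replaces a plain `types::*` with `types::{unpacked::*, *}`, pulling both the packed and unpacked type namespaces in by glob; naming the unpacked types explicitly, as the instantiations.rs hunk does with `types::unpacked::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked}`, would make it easier to see which `MlKem…Unpacked` names are in scope in that module.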
@@ -45,9 +52,9 @@ pub type MlKem768PublicKey = MlKemPublicKey; pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { @@ -207,11 +214,11 @@ macro_rules! instantiate { // Instantiations -instantiate! {portable, ind_cca::instantiations::portable, crate::vector::portable::PortableVector} +instantiate! {portable, ind_cca::instantiations::portable, vector::portable::PortableVector} #[cfg(feature = "simd256")] -instantiate! {avx2, ind_cca::instantiations::avx2, crate::vector::SIMD256Vector} +instantiate! {avx2, ind_cca::instantiations::avx2, vector::SIMD256Vector} #[cfg(feature = "simd128")] -instantiate! {neon, ind_cca::instantiations::neon, crate::vector::SIMD128Vector} +instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector} /// Validate a public key. /// diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index d1a9cc110..8a7caf34d 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -1,6 +1,3 @@ -use crate::polynomial::PolynomialRingElement; -use crate::vector::Operations; - macro_rules! impl_generic_struct { ($name:ident, $doc:expr) => { #[doc = $doc] 
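Review bot: The doc comment directly above the rewritten `MlKem768KeyPairUnpacked` alias reads `/// Am Unpacked ML-KEM 768 Key pair`; it is unchanged context, but the alias beneath it is being changed in this hunk, so `/// An unpacked ML-KEM 768 key pair` could be corrected at the same time (and `/// An unpacked ML-KEM 768 public key` for its sibling, for consistent casing). These aliases are the only public names users of the unpacked API see for the types, so the rustdoc text matters more than usual.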
@@ -195,22 +192,27 @@ impl } } -/// An unpacked ML-KEM Private Key -pub struct MlKemPrivateKeyUnpacked { - pub(crate) secret_as_ntt: [PolynomialRingElement; K], -} +/// Types for the unpacked API. +pub mod unpacked { + use crate::{polynomial::PolynomialRingElement, vector::traits::VectorType}; -/// An unpacked ML-KEM Public Key -pub struct MlKemPublicKeyUnpacked { - pub(crate) t_as_ntt: [PolynomialRingElement; K], - pub(crate) seed_for_A: [u8; 32], - pub(crate) A_transpose: [[PolynomialRingElement; K]; K], -} + /// An unpacked ML-KEM Private Key + pub struct MlKemPrivateKeyUnpacked { + pub(crate) secret_as_ntt: [PolynomialRingElement; K], + } -/// An unpacked ML-KEM KeyPair -pub struct MlKemKeyPairUnpacked { - pub private_key: MlKemPrivateKeyUnpacked, - pub public_key: MlKemPublicKeyUnpacked, - pub public_key_hash: [u8; 32], - pub implicit_rejection_value: [u8; 32], + /// An unpacked ML-KEM Public Key + pub struct MlKemPublicKeyUnpacked { + pub(crate) t_as_ntt: [PolynomialRingElement; K], + pub(crate) seed_for_A: [u8; 32], + pub(crate) A_transpose: [[PolynomialRingElement; K]; K], + } + + /// An unpacked ML-KEM KeyPair + pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, + pub public_key_hash: [u8; 32], + pub implicit_rejection_value: [u8; 32], + } } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index a2f617d1b..fd09cdd11 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -3,7 +3,14 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R -pub trait Operations: Copy + Clone { +/// Internal vectors. +/// +/// Used in the unpacked API. +pub trait VectorType: Operations {} + +impl VectorType for T {} + +pub(crate) trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; 
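Review bot: `MlKemKeyPairUnpacked` in the new `unpacked` module exposes `implicit_rejection_value` as an undocumented `pub` field, while the `private_key` next to it keeps its `secret_as_ntt` at `pub(crate)`. The implicit rejection value is secret key material in ML-KEM (on a rejected ciphertext the shared secret is derived from it), so a caller reading or overwriting it is as serious as touching the private key, whereas `public_key_hash`, the other `[u8; 32]` field, is public data. At minimum document the difference: `/// Secret value used for implicit rejection; handle with the same care as `private_key`.` and, if no caller needs write access, `pub(crate)` with a read accessor would make the distinction visible in the type rather than only in the docs.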
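Review bot: The new `VectorType` trait in traits.rs is documented only as `Internal vectors.`, but its blanket impl over `Operations`, which this hunk makes `pub(crate)`, means no downstream crate can implement it, so it is effectively a sealed trait; the doc should say so, because a user who sees a public `VectorType` bound on the unpacked key types will otherwise try to implement it. Suggested doc: `/// Vector types usable with the unpacked API. This trait is sealed: it is implemented for every type implementing the crate-private `Operations` trait and cannot be implemented outside this crate.`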
From de1c47b989e79075d8b2aaa5b90589e4fbbea442 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Wed, 12 Jun 2024 20:30:55 +0200 Subject: [PATCH 04/31] unpacked tests and benchmarks --- libcrux-ml-kem/c/benches/mlkem768.cc | 103 +++++++++++++++++++++++++++ libcrux-ml-kem/c/tests/mlkem768.cc | 89 +++++++++++++++++++++++ 2 files changed, 192 insertions(+) diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index 583caa385..a49187c7d 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc 
@@ -69,6 +69,57 @@ BENCHMARK(kyber768_key_generation); BENCHMARK(kyber768_encapsulation); BENCHMARK(kyber768_decapsulation); +static void +kyber768_key_generation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); + + for (auto _ : state) + { + key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); + } +} + +static void +kyber768_encapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + } +} + +static void +kyber768_decapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + } +} + +BENCHMARK(kyber768_key_generation_unpacked); +BENCHMARK(kyber768_encapsulation_unpacked); +BENCHMARK(kyber768_decapsulation_unpacked); + #ifdef LIBCRUX_AARCH64 #include "libcrux_mlkem768_neon.h" 
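Review bot: The decapsulation symbol called in `kyber768_decapsulation_unpacked` is `libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable`, carrying a trailing `_portable` that its siblings `…_portable_generate_key_pair_unpacked` and `…_portable_encapsulate_unpacked` do not; the avx2 variant in the next hunk is `…_avx2_decapsulate_unpacked_portable`, and the new test in tests/mlkem768.cc uses the same form. If these are the extracted names of the Rust functions, the inconsistency presumably originates on the Rust side and is cheapest to fix there now, since renaming an exported C symbol later is a breaking change for callers. The benchmark bodies themselves look fine; the public-key-hash slice is built with `EURYDICE_SLICE(key_pair.public_key_hash, 0, 32)` here but with `mk_slice(key_pair.public_key_hash, 32)` in the test, which could be unified if both helpers are available in both files.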
@@ -177,6 +228,58 @@ kyber768_decapsulation_avx2(benchmark::State &state)
 BENCHMARK(kyber768_key_generation_avx2);
 BENCHMARK(kyber768_encapsulation_avx2);
 BENCHMARK(kyber768_decapsulation_avx2);
+
+static void
+kyber768_key_generation_avx2_unpacked(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness);
+
+ for (auto _ : state)
+ {
+ key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness);
+ }
+}
+
+static void
+kyber768_encapsulation_avx2_unpacked(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness);
+
+ for (auto _ : state)
+ {
+ ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness);
+ }
+}
+
+static void
+kyber768_decapsulation_avx2_unpacked(benchmark::State &state)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+
+ auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness);
+ generate_random(randomness, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness);
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+
+ for (auto _ : state)
+ {
+ libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2);
+ }
+}
+
+BENCHMARK(kyber768_key_generation_avx2_unpacked);
+BENCHMARK(kyber768_encapsulation_avx2_unpacked);
+BENCHMARK(kyber768_decapsulation_avx2_unpacked);
+
 #endif
 
 #ifdef LIBCRUX_SYMCRYPT
diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc
index ced40395b..c44f3f8bc 100644
--- a/libcrux-ml-kem/c/tests/mlkem768.cc
+++ b/libcrux-ml-kem/c/tests/mlkem768.cc
@@ -203,6 +203,25 @@ TEST(MlKem768TestPortable, ConsistencyTest)
 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
 }
 
+TEST(MlKem768TestPortableUnpacked, ConsistencyTest)
+{
+ uint8_t randomness[64];
+ generate_random(randomness, 64);
+ auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness);
+
+ uint8_t randomness2[32];
+ generate_random(randomness2, 32);
+ auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), randomness2);
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+ libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2);
+
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ sharedSecret2,
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+}
+
 TEST(Kyber768TestPortable, ModifiedCiphertextTest)
 {
 uint8_t randomness[64];
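Review bot: The new ConsistencyTest drives only the accept path of `libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable`; the packed API has a `ModifiedCiphertextTest` immediately below this hunk, but the unpacked decapsulation's implicit-rejection branch — the security-critical half of the FO transform — gets no coverage in this commit, so a regression in that branch would go unnoticed. A companion `TEST(MlKem768TestPortableUnpacked, ModifiedCiphertextTest)` that alters one byte of `ctxt.fst.value`, decapsulates again and asserts the result differs from `ctxt.snd` would close that gap. Nothing yet checks that the unpacked and packed APIs agree when given the same seed; encapsulating against the packed key derived from the same `randomness` via the packed counterpart used in the ConsistencyTest above and comparing shared secrets would catch drift between the two key representations. The `32` in `mk_slice(key_pair.public_key_hash, 32)` repeats the hash length by hand; `sizeof(key_pair.public_key_hash)` (if the field is an array) or a named constant would keep it in step with the struct.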
@@ -317,6 +336,41 @@ TEST(MlKem768TestPortable, NISTKnownAnswerTest)
 }
 }
 
+TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest)
+{
+ // XXX: This should be done in a portable way.
+ auto kats = read_kats("tests/mlkem768_nistkats.json");
+
+ for (auto kat : kats)
+ {
+ auto key_pair =
+ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(kat.key_generation_seed.data());
+
+ // We can't check the keys because we don't really have them.
+
+ auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data());
+
+ uint8_t ct_hash[32];
+ libcrux_sha3_sha256(
+ mk_slice(ctxt.fst.value,
+ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768),
+ ct_hash);
+ EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32));
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ kat.shared_secret.data(),
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+ libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2);
+
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ sharedSecret2,
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+ }
+}
+
 #ifdef LIBCRUX_X64
 
 #include "libcrux_mlkem768_avx2.h"
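Review bot: The comment `// We can't check the keys because we don't really have them.` should be more precise about what is and is not validated: `key_pair.public_key_hash` is available, and if it is the SHA3-256 digest of the serialized public key (as the unpacked key generation appears to define it) and the KAT record carries a public-key hash, the two can be compared directly, which would pin the unpacked key generation itself to the reference vectors instead of validating it only transitively through `ctxt`. If no such KAT field exists, the comment should say that the unpacked key pair is checked only through the ciphertext and shared secret it produces. `mk_slice(key_pair.public_key_hash, 32)` repeats the digest length as a literal; tying it to the field's size keeps it correct if the type changes. The AVX2 KAT hunk below has the same shape and the same remarks apply; both test functions are complete within their hunks.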
@@ -449,6 +503,41 @@ TEST(MlKem768TestAvx2, NISTKnownAnswerTest)
 LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
 }
 }
+
+TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest)
+{
+ // XXX: This should be done in a portable way.
+ auto kats = read_kats("tests/mlkem768_nistkats.json");
+
+ for (auto kat : kats)
+ {
+ auto key_pair =
+ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(kat.key_generation_seed.data());
+
+ // We can't check the keys because we don't really have them.
+
+ auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data());
+
+ uint8_t ct_hash[32];
+ libcrux_sha3_sha256(
+ mk_slice(ctxt.fst.value,
+ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768),
+ ct_hash);
+ EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32));
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ kat.shared_secret.data(),
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+
+ uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
+ libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2);
+
+ EXPECT_EQ(0,
+ memcmp(ctxt.snd,
+ sharedSecret2,
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
+ }
+}
 #endif // LIBCRUX_X64
 
 #ifdef LIBCRUX_AARCH64

From 4a4a018737b96d1865180aaa424a041a1a25ddb4 Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Wed, 12 Jun 2024 13:57:05 -0700
Subject: [PATCH 05/31] Try unrolling loops up to 24

---
 libcrux-ml-kem/c/code_gen.txt | 6 +++---
 libcrux-ml-kem/c/internal/libcrux_core.h | 6 +++---
 libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h | 6 +++---
 .../c/internal/libcrux_mlkem_portable.h | 6 +++---
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +++---
 .../c/internal/libcrux_sha3_internal.h | 6 +++---
 .../c/karamel/include/krml/internal/target.h | 11 +++++++++++
 libcrux-ml-kem/c/libcrux_core.c | 6 +++---
 libcrux-ml-kem/c/libcrux_core.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6 +++---
 libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +++---
 libcrux-ml-kem/c/libcrux_sha3.h | 6 +++---
 libcrux-ml-kem/c/libcrux_sha3_avx2.c | 18 ++++++++----------
 libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +++---
 libcrux-ml-kem/c/libcrux_sha3_internal.h | 18 ++++++++----------
 libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h | 6 +++---
 libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +++---
 libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +++---
 35 files changed, 123 insertions(+), 116 deletions(-)

diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 319549631..966fa01a8 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: -Charon: 0b8b7a82c2a18f65ab9df16f222d52594c17f59c -Eurydice: ec9da30ba3723647ca6f03810cfcfd418bd48bf8 +Charon: 8cd5f30ff218c654a93d8b507dc954bbfde4eac8 +Eurydice: b38d5dd3b4099cce6bbb9d91c80fb2bf0aaff1f7 Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 -F*: +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 55cf78d2d..43a450669 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index be7659412..7adb3d146 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __internal_libcrux_mlkem_avx2_H 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 31dfad8ce..6964a99e6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 524d2bd7e..38b5afdff 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index e7c8658a4..70f3d8cb7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@
 /* This file was generated by KaRaMeL
- KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml
- ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version:
- KaRaMeL version: 22425a93
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml
+ ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL
+ version: 22425a93
 */
 
 #ifndef __internal_libcrux_sha3_internal_H
 
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
index d53314766..25f32b70e 100644
--- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
+++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
@@ -263,6 +263,10 @@ inline static int32_t krml_time(void) {
 KRML_LOOP8(i, n, x) \
 KRML_LOOP8(i, n, x)
 
+#define KRML_LOOP24(i, n, x) \
+ KRML_LOOP16(i, n, x) \
+ KRML_LOOP8(i, n, x)
+
 #define KRML_UNROLL_FOR(i, z, n, k, x) \
 do { \
 uint32_t i = z; \
@@ -382,4 +386,11 @@ inline static int32_t krml_time(void) {
 #else
 # define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
 #endif
+
+#if 24 <= KRML_UNROLL_MAX
+# define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 24, k, x)
+#else
+# define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x)
+#endif
+
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index cacd1a0f8..e120aa970 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -1,8 +1,8 @@
 /* This file was generated by KaRaMeL
- KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml
- ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version:
- KaRaMeL version: 22425a93
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml
+ ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL
+ version: 22425a93
 */
 
 #include "internal/libcrux_core.h"
 
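Review bot: `KRML_MAYBE_FOR24` in the second target.h hunk is added without a comment, and its unrolled form `KRML_UNROLL_FOR(i, z, 24, k, x)` discards the `n` argument, so a call site whose bound is not 24 silently gets 24 iterations; the existing FORn variants presumably follow the same convention, but the new macro is the natural place to state it, e.g. `/* n is ignored when unrolled: the iteration count is fixed at 24, the krml-computed (n - z)/k for every call site */`. At this commit `KRML_UNROLL_MAX` still defaults to 16 (the following commit raises it to 24), so unless the build defines it, `#if 24 <= KRML_UNROLL_MAX` selects `KRML_ACTUAL_FOR` and the keccakf1600 call sites converted to `KRML_MAYBE_FOR24` in this series remain real loops; the commit title overstates what this patch does on its own. `KRML_LOOP24` in the first hunk mirrors the visible LOOP16 = LOOP8 + LOOP8 composition and looks right.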
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 836649df0..80846b491 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index fd54f0af6..25589cb59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index dd3a50e17..4fd0afc3d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem1024_avx2.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index e147197b9..4e7116b39 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 5bc2ce976..5fe5a7b35 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1178c18f8..d1ea93725 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 923a244ca..8ba307d4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index baa3138e6..a390827f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index f185545dc..66b336aa2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 60f7c32ec..ee92199ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 170f8aff1..c024f6169 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 6ae2774e6..570ff27a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h 
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index e4da24aa1..5d6fe8409 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index aa5d8e95e..684427ce5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 411a305c9..65518d474 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 460f0601d..38a3d0501 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index eadea3f27..1a77b0f60 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "internal/libcrux_mlkem_avx2.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 6e7348c04..3096b4862 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index a45e3e541..c2db51086 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 7931abfa7..c1c24d4b6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 90e660fac..8c30c04e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2d0336282..2d157e392 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "internal/libcrux_sha3_avx2.h" 
@@ -1056,13 +1056,11 @@ static inline void iota__core_core_arch_x86___m256i_4size_t(
 
 static inline void keccakf1600__core_core_arch_x86___m256i_4size_t(
 libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t *s) {
- for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
- size_t i0 = i;
- theta_rho__core_core_arch_x86___m256i_4size_t(s);
- pi__core_core_arch_x86___m256i_4size_t(s);
- chi__core_core_arch_x86___m256i_4size_t(s);
- iota__core_core_arch_x86___m256i_4size_t(s, i0);
- }
+ KRML_MAYBE_FOR24(i, (size_t)0U, (size_t)24U, (size_t)1U, size_t i0 = i;
+ theta_rho__core_core_arch_x86___m256i_4size_t(s);
+ pi__core_core_arch_x86___m256i_4size_t(s);
+ chi__core_core_arch_x86___m256i_4size_t(s);
+ iota__core_core_arch_x86___m256i_4size_t(s, i0););
 }
 
 static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 0e5d15b71..0df37341c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -1,8 +1,8 @@
 /* This file was generated by KaRaMeL
- KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml
- ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version:
- KaRaMeL version: 22425a93
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml
+ ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL
+ version: 22425a93
 */
 
 #ifndef __libcrux_sha3_avx2_H
 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index a2e760d8e..19ea68a29 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -1,8 +1,8 @@
 /* This file was generated by KaRaMeL
- KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml
- ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version:
- KaRaMeL version: 22425a93
+ KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml
+ ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL
+ version: 22425a93
 */
 
 #ifndef __libcrux_sha3_internal_H
 
@@ -877,13 +877,11 @@ static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(
 
 static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(
 libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) {
- for (size_t i = (size_t)0U; i < (size_t)24U; i++) {
- size_t i0 = i;
- libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s);
- libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s);
- libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s);
- libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0);
- }
+ KRML_MAYBE_FOR24(i, (size_t)0U, (size_t)24U, (size_t)1U, size_t i0 = i;
+ libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s);
+ libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s);
+ libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s);
+ libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0););
 }
 
 static inline void
diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h
index ef0b3e58e..a0a03d28e 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_sha3_libcrux_ml_kem_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d8c40c084..8f1181f36 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 5e1a4a79d..51e3b941a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 22425a93 + KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL + version: 22425a93 */ #ifndef __libcrux_sha3_neon_H From 53bc19d6a6405883ac4977b780bb63477ecedc7c Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Wed, 12 Jun 2024 15:00:48 -0700 Subject: [PATCH 06/31] Actually unroll --- libcrux-ml-kem/c/karamel/include/krml/internal/target.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
index 25f32b70e..ec988f08c 100644
--- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
+++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h
@@ -281,7 +281,7 @@ inline static int32_t krml_time(void) {
 } while (0)
 #ifndef KRML_UNROLL_MAX
-# define KRML_UNROLL_MAX 16
+# define KRML_UNROLL_MAX 24
 #endif
 /* 1 is the number of loop iterations, i.e. (n - z)/k as evaluated by krml */
From 8d5f9861e27e8c49dd6a0cfb12525d31d2738b2c Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Thu, 13 Jun 2024 07:05:36 +0200 Subject: [PATCH 07/31] update c.sh --- libcrux-ml-kem/c.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh
index e1129e50c..4a36fba92 100755
--- a/libcrux-ml-kem/c.sh
+++ b/libcrux-ml-kem/c.sh
@@ -70,10 +70,10 @@ clang-format --style=Google -i internal/*.h
 clang-format --style=Google -i intrinsics/*.h
 # Write out infos about the used tools
-[ -n "$CHARON_REV" ] || export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD)
-[ -n "$EURYDICE_REV" ] || export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD)
-[ -n "$KRML_REV" ] || export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD)
-[ -n "$FSTAR_REV" ] || export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD)
+[[ -z "$CHARON_REV" && -d $CHARON_HOME/.git ]] && export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD)
+[[ -z "$EURYDICE_REV" && -d $EURYDICE_HOME/.git ]] && export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD)
+[[ -z "$KRML_REV" && -d $KRML_HOME/.git ]] && export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD)
+[[ -z "$FSTAR_REV" && -d $FSTAR_HOME/.git ]] && export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD)
 rm -f code_gen.txt
 echo "This code was generated with the following tools:" >> code_gen.txt
 echo -n "Charon: " >> code_gen.txt
From f92efd489f167e5d09d2e41c314a7f3e959fd397 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 23 Jun 2024 10:48:10 +0200 Subject: [PATCH 08/31] unpacked apis for all three variants --- libcrux-ml-kem/src/ind_cca/instantiations.rs | 11 +- libcrux-ml-kem/src/ind_cca/multiplexing.rs | 3 + libcrux-ml-kem/src/mlkem1024.rs | 76 +++++++++++- libcrux-ml-kem/src/mlkem512.rs | 79 +++++++++++- libcrux-ml-kem/src/mlkem768.rs | 6 +- libcrux-ml-kem/src/types.rs | 1 + libcrux-ml-kem/tests/self.rs | 120 +++++++++++++++++++ 7 files changed, 278 insertions(+), 18 deletions(-)
diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs
index 1e47cd76a..0ec91ce35 100644
--- a/libcrux-ml-kem/src/ind_cca/instantiations.rs
+++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs
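Review bot: When the `-d $CHARON_HOME/.git` test fails and `CHARON_REV` is unset, the new `[[ … ]] &&` lines leave the variable empty and the `code_gen.txt` written just below records a blank revision for that tool with no error, whereas the old `||` form at least surfaced git's failure; the same holds for the EURYDICE, KRML and FSTAR lines. These revisions are the provenance record for the generated C, so a missing one should be loud, e.g. follow the four lines with `: "${CHARON_REV:?CHARON_REV unset and $CHARON_HOME is not a git checkout}"` (and likewise for the other three). Note also that `.git` is a file, not a directory, in worktrees and submodules, so `-d` is false there; `git -C "$CHARON_HOME" rev-parse --git-dir >/dev/null 2>&1` covers both layouts. The `$*_HOME` expansions inside `$( … )` are unquoted, as they were before; quoting them costs nothing.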
@@ -1,12 +1,15 @@ macro_rules! instantiate { ($modp:ident, $vector:path, $hash:path) => { + pub mod $modp { use crate::{ - types::unpacked::{MlKemKeyPairUnpacked, MlKemPublicKeyUnpacked}, MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; + pub(crate) type MlKemKeyPairUnpacked = crate::types::unpacked::MlKemKeyPairUnpacked; + pub(crate) type MlKemPublicKeyUnpacked = crate::types::unpacked::MlKemPublicKeyUnpacked; + /// Portable generate key pair. pub(crate) fn generate_keypair< const K: usize, @@ -141,7 +144,7 @@ macro_rules! instantiate { const ETA1_RANDOMNESS_SIZE: usize, >( randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKemKeyPairUnpacked { + ) -> MlKemKeyPairUnpacked { crate::ind_cca::generate_keypair_unpacked::< K, CPA_PRIVATE_KEY_SIZE, @@ -171,7 +174,7 @@ macro_rules! instantiate { const ETA2: usize, const ETA2_RANDOMNESS_SIZE: usize, >( - public_key: &MlKemPublicKeyUnpacked, + public_key: &MlKemPublicKeyUnpacked, public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { @@ -213,7 +216,7 @@ macro_rules! instantiate { const ETA2_RANDOMNESS_SIZE: usize, const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, >( - key_pair: &MlKemKeyPairUnpacked, + key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { crate::ind_cca::decapsulate_unpacked::< diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 4a49471c3..4cf4e5d4c 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs 
@@ -9,16 +9,19 @@ use instantiations::avx2::{ decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, }; + #[cfg(feature = "simd128")] use instantiations::neon::{ decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, generate_keypair as generate_keypair_neon, validate_public_key as validate_public_key_neon, }; + #[cfg(not(feature = "simd256"))] use instantiations::portable::{ decapsulate as decapsulate_avx2, encapsulate as encapsulate_avx2, generate_keypair as generate_keypair_avx2, validate_public_key as validate_public_key_avx2, }; + #[cfg(not(feature = "simd128"))] use instantiations::portable::{ decapsulate as decapsulate_neon, encapsulate as encapsulate_neon, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 2a1a28a3a..81ac72bbb 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -1,6 +1,6 @@ //! ML-KEM 1024 -use super::{constants::*, ind_cca::*, *}; +use super::{constants::*, ind_cca::*, types::{unpacked::*, *}, *}; // Kyber 1024 parameters const RANK_1024: usize = 4; @@ -45,9 +45,14 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// Am ML-KEM 1024 Key pair pub type MlKem1024KeyPair = MlKemKeyPair; +/// An Unpacked ML-KEM 1024 Public key +pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; +/// Am Unpacked ML-KEM 1024 Key pair +pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; + // Instantiate the different functions. macro_rules! instantiate { - ($modp:ident, $p:path) => { + ($modp:ident, $p:path, $vec:path) => { pub mod $modp { use super::*; use $p as p; 
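Review bot: The added doc line `/// Am Unpacked ML-KEM 1024 Key pair` in the `@@ -45,9 +45,14 @@` hunk of mlkem1024.rs repeats the typo of the existing line above it; `/// An unpacked ML-KEM 1024 key pair` reads correctly. The same `Am` appears on the new `MlKem512KeyPairUnpacked` alias added to mlkem512.rs in this commit.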
@@ -138,17 +143,78 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } + + // Unpacked API + pub fn generate_key_pair_unpacked( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem1024KeyPairUnpacked<$vec> { + p::generate_keypair_unpacked::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + pub fn encapsulate_unpacked( + public_key: &MlKem1024PublicKeyUnpacked<$vec>, + public_key_hash: &[u8], + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { + p::encapsulate_unpacked::< + RANK_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, public_key_hash, randomness) + } + + pub fn decapsulate_unpacked( + private_key: &MlKem1024KeyPairUnpacked<$vec>, + ciphertext: &MlKem1024Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate_unpacked::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } }; } // Instantiations -instantiate! {portable, ind_cca::instantiations::portable} +instantiate! {portable, ind_cca::instantiations::portable, vector::portable::PortableVector} #[cfg(feature = "simd256")] -instantiate! {avx2, ind_cca::instantiations::avx2} +instantiate! 
{avx2, ind_cca::instantiations::avx2, vector::SIMD256Vector} #[cfg(feature = "simd128")] -instantiate! {neon, ind_cca::instantiations::neon} +instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector} /// Validate a public key. /// diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index f457e551a..ad80cfbb7 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -1,6 +1,5 @@ //! ML-KEM 512 - -use super::{constants::*, ind_cca::*, *}; +use super::{constants::*, ind_cca::*, types::{unpacked::*, *}, *}; // Kyber 512 parameters const RANK_512: usize = 2; @@ -43,9 +42,15 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// Am ML-KEM 512 Key pair pub type MlKem512KeyPair = MlKemKeyPair; +/// An Unpacked ML-KEM 512 Public key +pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; +/// Am Unpacked ML-KEM 512 Key pair +pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; + + // Instantiate the different functions. macro_rules! instantiate { - ($modp:ident, $p:path) => { + ($modp:ident, $p:path, $vec:path) => { pub mod $modp { use super::*; use $p as p; 
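Review bot: `encapsulate_unpacked` takes the public-key hash as a separate `public_key_hash: &[u8]` of unchecked length, even though that value is produced by `generate_key_pair_unpacked` as the fixed `[u8; 32]` `public_key_hash` field of the returned key pair, so a caller can pair an unpacked key with a wrong, stale or truncated hash and derive a shared secret that no longer agrees with what the packed API computes for the same key; `decapsulate_unpacked`, by contrast, takes the whole key pair. Taking `&[u8; 32]`, or carrying the hash inside the unpacked public-key type so the two cannot be separated, would close this here and in the identical `mlkem512` and `mlkem768` wrappers and in the `ind_cca::instantiations` layer they call. The three new `pub fn`s also carry no `///` doc comment, unlike the packed entry points; a one-liner such as `/// Encapsulate against an unpacked ML-KEM 1024 public key and its hash H(pk), returning (ciphertext, shared secret).` on each would do. The `macro_rules! instantiate` body containing these functions begins outside the hunk.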
@@ -134,17 +139,79 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } + + // Unpacked API + pub fn generate_key_pair_unpacked( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKem512KeyPairUnpacked<$vec> { + p::generate_keypair_unpacked::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness) + } + + pub fn encapsulate_unpacked( + public_key: &MlKem512PublicKeyUnpacked<$vec>, + public_key_hash: &[u8], + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem512Ciphertext, MlKemSharedSecret) { + p::encapsulate_unpacked::< + RANK_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, public_key_hash, randomness) + } + + pub fn decapsulate_unpacked( + private_key: &MlKem512KeyPairUnpacked<$vec>, + ciphertext: &MlKem512Ciphertext, + ) -> MlKemSharedSecret { + p::decapsulate_unpacked::< + RANK_512, + SECRET_KEY_SIZE_512, + CPA_PKE_SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } + } }; } // Instantiations -instantiate! {portable, ind_cca::instantiations::portable} +instantiate! {portable, ind_cca::instantiations::portable, vector::portable::PortableVector} #[cfg(feature = "simd256")] -instantiate! {avx2, ind_cca::instantiations::avx2} +instantiate! {avx2, ind_cca::instantiations::avx2, vector::SIMD256Vector} #[cfg(feature = "simd128")] -instantiate! 
{neon, ind_cca::instantiations::neon} +instantiate! {neon, ind_cca::instantiations::neon, vector::SIMD128Vector} /// Validate a public key. /// diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 018dc2a86..185e38c97 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -52,9 +52,9 @@ pub type MlKem768PublicKey = MlKemPublicKey; pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { @@ -185,7 +185,7 @@ macro_rules! instantiate { >(public_key, public_key_hash, randomness) } - pub fn decapsulate_unpacked_portable( + pub fn decapsulate_unpacked( private_key: &MlKem768KeyPairUnpacked<$vec>, ciphertext: &MlKem768Ciphertext, ) -> MlKemSharedSecret { diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index 437426d81..9f932ed19 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -190,6 +190,7 @@ impl } } +#[allow(non_snake_case)] /// Types for the unpacked API. pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::VectorType}; diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index ae4aa72e7..824b5b146 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs 
@@ -33,6 +33,37 @@ macro_rules! impl_consistency { }; } +macro_rules! impl_consistency_unpacked { + ($name:ident, $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr) => { + #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] + #[test] + fn $name() { + let randomness = random_array(); + let key_pair_unpacked = $key_gen_unpacked(randomness); + let key_pair = $key_gen(randomness); + let randomness = random_array(); + let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); + let (ciphertext_unpacked, shared_secret_unpacked) = $encaps_unpacked(&key_pair_unpacked.public_key, &key_pair_unpacked.public_key_hash, randomness); + assert_eq!( + shared_secret, shared_secret_unpacked, + "lhs: shared_secret, rhs: shared_secret_unpacked" + ); + assert_eq!( + ciphertext.as_slice(), ciphertext_unpacked.as_slice(), + "lhs: ciphertext, rhs: ciphertext_unpacked" + ); + let shared_secret_decapsulated = $decaps_unpacked(&key_pair_unpacked, &ciphertext); + assert_eq!( + shared_secret_unpacked, shared_secret_decapsulated, + "lhs: shared_secret_unpacked, rhs: shared_secret_decapsulated" + ); + // If the randomness was not enough for the rejection sampling step + // in key-generation and encapsulation, simply return without + // failing. + } + }; +} + fn modify_ciphertext( mut ciphertext: MlKemCiphertext, ) -> MlKemCiphertext { 
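Review bot: The trailing comment in `impl_consistency_unpacked` (`// If the randomness was not enough for the rejection sampling step … simply return without failing.`) sits after the last assertion and describes no code path in this macro — nothing here detects a sampling shortfall or returns early — so it looks carried over from a copy of `impl_consistency` and should be deleted or moved to where that behaviour actually lives. The test also checks the cross-over in one direction only (packed ciphertext into `$decaps_unpacked`); adding a `$decaps:expr` parameter and asserting that the packed decapsulation of `ciphertext_unpacked` equals `shared_secret` would cover the other direction.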
@@ -181,6 +212,95 @@ impl_consistency!( mlkem1024::decapsulate ); +impl_consistency_unpacked!( + consistency_unpacked_512_portable, + mlkem512::portable::generate_key_pair, + mlkem512::portable::encapsulate, + mlkem512::portable::generate_key_pair_unpacked, + mlkem512::portable::encapsulate_unpacked, + mlkem512::portable::decapsulate_unpacked +); + +#[cfg(feature = "simd128")] +impl_consistency_unpacked!( + consistency_unpacked_512_neon, + mlkem512::neon::generate_key_pair, + mlkem512::neon::encapsulate, + mlkem512::neon::generate_key_pair_unpacked, + mlkem512::neon::encapsulate_unpacked, + mlkem512::neon::decapsulate_unpacked +); + +#[cfg(feature = "simd256")] +impl_consistency_unpacked!( + consistency_unpacked_512_avx2, + mlkem512::avx2::generate_key_pair, + mlkem512::avx2::encapsulate, + mlkem512::avx2::generate_key_pair_unpacked, + mlkem512::avx2::encapsulate_unpacked, + mlkem512::avx2::decapsulate_unpacked +); + +impl_consistency_unpacked!( + consistency_unpacked_1024_portable, + mlkem1024::portable::generate_key_pair, + mlkem1024::portable::encapsulate, + mlkem1024::portable::generate_key_pair_unpacked, + mlkem1024::portable::encapsulate_unpacked, + mlkem1024::portable::decapsulate_unpacked +); + +#[cfg(feature = "simd128")] +impl_consistency_unpacked!( + consistency_unpacked_1024_neon, + mlkem1024::neon::generate_key_pair, + mlkem1024::neon::encapsulate, + mlkem1024::neon::generate_key_pair_unpacked, + mlkem1024::neon::encapsulate_unpacked, + mlkem1024::neon::decapsulate_unpacked +); + +#[cfg(feature = "simd256")] +impl_consistency_unpacked!( + consistency_unpacked_1024_avx2, + mlkem1024::avx2::generate_key_pair, + mlkem1024::avx2::encapsulate, + mlkem1024::avx2::generate_key_pair_unpacked, + mlkem1024::avx2::encapsulate_unpacked, + mlkem1024::avx2::decapsulate_unpacked +); + +impl_consistency_unpacked!( + consistency_unpacked_768_portable, + mlkem768::portable::generate_key_pair, + mlkem768::portable::encapsulate, + 
mlkem768::portable::generate_key_pair_unpacked, + mlkem768::portable::encapsulate_unpacked, + mlkem768::portable::decapsulate_unpacked +); + +#[cfg(feature = "simd128")] +impl_consistency_unpacked!( + consistency_unpacked_768_neon, + mlkem768::neon::generate_key_pair, + mlkem768::neon::encapsulate, + mlkem768::neon::generate_key_pair_unpacked, + mlkem768::neon::encapsulate_unpacked, + mlkem768::neon::decapsulate_unpacked +); + +#[cfg(feature = "simd256")] +impl_consistency_unpacked!( + consistency_unpacked_768_avx2, + mlkem768::avx2::generate_key_pair, + mlkem768::avx2::encapsulate, + mlkem768::avx2::generate_key_pair_unpacked, + mlkem768::avx2::encapsulate_unpacked, + mlkem768::avx2::decapsulate_unpacked +); + + + impl_modified_ciphertext!( modified_ciphertext_512, mlkem1024::generate_key_pair, From 69e71fc78b26dc71ad1aa8d20294b1804d8d18b9 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 23 Jun 2024 10:56:08 +0200 Subject: [PATCH 09/31] fmt --- libcrux-ml-kem/src/ind_cca/instantiations.rs | 7 ++++--- libcrux-ml-kem/src/mlkem1024.rs | 9 +++++++-- libcrux-ml-kem/src/mlkem512.rs | 9 ++++++--- libcrux-ml-kem/src/mlkem768.rs | 4 ++-- libcrux-ml-kem/tests/self.rs | 11 +++++++---- 5 files changed, 26 insertions(+), 14 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 0ec91ce35..cfffe8a10 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs 
@@ -1,14 +1,15 @@ macro_rules! instantiate { ($modp:ident, $vector:path, $hash:path) => { - pub mod $modp { use crate::{ MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey, MlKemSharedSecret, KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; - pub(crate) type MlKemKeyPairUnpacked = crate::types::unpacked::MlKemKeyPairUnpacked; - pub(crate) type MlKemPublicKeyUnpacked = crate::types::unpacked::MlKemPublicKeyUnpacked; + pub(crate) type MlKemKeyPairUnpacked = + crate::types::unpacked::MlKemKeyPairUnpacked; + pub(crate) type MlKemPublicKeyUnpacked = + crate::types::unpacked::MlKemPublicKeyUnpacked; /// Portable generate key pair. pub(crate) fn generate_keypair< diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 81ac72bbb..2caa820c5 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -1,6 +1,11 @@ //! ML-KEM 1024 -use super::{constants::*, ind_cca::*, types::{unpacked::*, *}, *}; +use super::{ + constants::*, + ind_cca::*, + types::{unpacked::*, *}, + *, +}; // Kyber 1024 parameters const RANK_1024: usize = 4; @@ -143,7 +148,7 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } - + // Unpacked API pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index ad80cfbb7..107726ffa 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -1,5 +1,10 @@ //! ML-KEM 512 -use super::{constants::*, ind_cca::*, types::{unpacked::*, *}, *}; +use super::{ + constants::*, + ind_cca::*, + types::{unpacked::*, *}, + *, +}; // Kyber 512 parameters const RANK_512: usize = 2; @@ -47,7 +52,6 @@ pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path) => { 
@@ -200,7 +204,6 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } - } }; } diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 185e38c97..978d2ce75 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -52,9 +52,9 @@ pub type MlKem768PublicKey = MlKemPublicKey; pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 824b5b146..72117a9a3 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -43,13 +43,18 @@ macro_rules! impl_consistency_unpacked { let key_pair = $key_gen(randomness); let randomness = random_array(); let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); - let (ciphertext_unpacked, shared_secret_unpacked) = $encaps_unpacked(&key_pair_unpacked.public_key, &key_pair_unpacked.public_key_hash, randomness); + let (ciphertext_unpacked, shared_secret_unpacked) = $encaps_unpacked( + &key_pair_unpacked.public_key, + &key_pair_unpacked.public_key_hash, + randomness, + ); assert_eq!( shared_secret, shared_secret_unpacked, "lhs: shared_secret, rhs: shared_secret_unpacked" ); assert_eq!( - ciphertext.as_slice(), ciphertext_unpacked.as_slice(), + ciphertext.as_slice(), + ciphertext_unpacked.as_slice(), "lhs: ciphertext, rhs: ciphertext_unpacked" ); let shared_secret_decapsulated = $decaps_unpacked(&key_pair_unpacked, &ciphertext); 
@@ -299,8 +304,6 @@ impl_consistency_unpacked!( mlkem768::avx2::decapsulate_unpacked ); - - impl_modified_ciphertext!( modified_ciphertext_512, mlkem1024::generate_key_pair, From 7d0b1330e3427629ce7dbd9e641c213989f6d223 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 23 Jun 2024 13:24:05 +0200 Subject: [PATCH 10/31] benchmarks for unpacked api --- libcrux-ml-kem/benches/ml-kem.rs | 204 ++++++++++++++++++++----------- 1 file changed, 135 insertions(+), 69 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index f8bc8f718..c1a07441e 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -12,7 +12,7 @@ pub fn comparisons_key_generation(c: &mut Criterion) { let mut group = c.benchmark_group("Kyber768 Key Generation"); group.measurement_time(Duration::from_secs(10)); - group.bench_function("libcrux portable (external random)", |b| { + group.bench_function("libcrux (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter(|| { 
@@ -20,25 +20,31 @@ pub fn comparisons_key_generation(c: &mut Criterion) { }) }); - // group.bench_function("libcrux portable (HACL-DRBG)", |b| { - // b.iter(|| { - // let (_secret_key, _public_key) = - // libcrux::kem::key_gen(Algorithm::MlKem768, &mut drbg).unwrap(); - // }) - // }); - - // group.bench_function("libcrux portable (OsRng)", |b| { - // b.iter(|| { - // let (_secret_key, _public_key) = - // libcrux::kem::key_gen(Algorithm::MlKem768, &mut rng).unwrap(); - // }) - // }); - - // group.bench_function("pqclean reference implementation", |b| { - // b.iter(|| { - // let (_public_key, _secret_key) = pqcrypto_kyber::kyber768::keypair(); - // }) - // }); + #[cfg(feature = "simd256")] + group.bench_function("libcrux neon unpacked (external random)", |b| { + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let _kp = mlkem768::avx2::generate_key_pair_unpacked(seed); + }) + }); + + #[cfg(feature = "simd128")] + group.bench_function("libcrux neon unpacked (external random)", |b| { + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let _kp = mlkem768::neon::generate_key_pair_unpacked(seed); + }) + }); + + group.bench_function("libcrux portable unpacked (external random)", |b| { + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let _kp = mlkem768::portable::generate_key_pair_unpacked(seed); + }) + }); } pub fn comparisons_pk_validation(c: &mut Criterion) { @@ -46,7 +52,7 @@ pub fn comparisons_pk_validation(c: &mut Criterion) { let mut group = c.benchmark_group("Kyber768 PK Validation"); group.measurement_time(Duration::from_secs(10)); - group.bench_function("libcrux portable", |b| { + group.bench_function("libcrux", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter_batched( 
@@ -60,13 +66,14 @@ pub fn comparisons_pk_validation(c: &mut Criterion) { BatchSize::SmallInput, ) }); + } pub fn comparisons_encapsulation(c: &mut Criterion) { let mut group = c.benchmark_group("Kyber768 Encapsulation"); group.measurement_time(Duration::from_secs(10)); - group.bench_function("libcrux portable (external random)", |b| { + group.bench_function("libcrux (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; 
@@ -81,43 +88,59 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); - // group.bench_function("libcrux portable", |b| { - // b.iter_batched( - // || { - // let mut drbg = Drbg::new(digest::Algorithm::Sha256).unwrap(); - // let (_secret_key, public_key) = - // libcrux::kem::key_gen(Algorithm::MlKem768, &mut drbg).unwrap(); - - // (drbg, public_key) - // }, - // |(mut rng, public_key)| { - // let (_shared_secret, _ciphertext) = public_key.encapsulate(&mut rng).unwrap(); - // }, - // BatchSize::SmallInput, - // ) - // }); - - // group.bench_function("pqclean reference implementation", |b| { - // b.iter_batched( - // || { - // let (public_key, _secret_key) = pqcrypto_kyber::kyber768::keypair(); - - // public_key - // }, - // |public_key| { - // let (_shared_secret, _ciphertext) = - // pqcrypto_kyber::kyber768::encapsulate(&public_key); - // }, - // BatchSize::SmallInput, - // ) - // }); + group.bench_function("libcrux unpacked portable (external random)", |b| { + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || mlkem768::portable::generate_key_pair_unpacked(seed1), + |keypair| { + let (_shared_secret, _ciphertext) = + mlkem768::portable::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + }, + BatchSize::SmallInput, + ) + }); + + #[cfg(feature = "simd128")] + group.bench_function("libcrux unpacked neon (external random)", |b| { + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || mlkem768::neon::generate_key_pair_unpacked(seed1), + |keypair| { + let (_shared_secret, _ciphertext) = + mlkem768::neon::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + }, + BatchSize::SmallInput, + ) + }); + + #[cfg(feature = "simd256")] + group.bench_function("libcrux unpacked avx2 (external random)", |b| { + let mut seed1 = [0; 64]; + 
OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || mlkem768::avx2::generate_key_pair_unpacked(seed1), + |keypair| { + let (_shared_secret, _ciphertext) = + mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + }, + BatchSize::SmallInput, + ) + }); } pub fn comparisons_decapsulation(c: &mut Criterion) { let mut group = c.benchmark_group("Kyber768 Decapsulation"); group.measurement_time(Duration::from_secs(10)); - group.bench_function("libcrux portable", |b| { + group.bench_function("libcrux", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; 
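Review bot: In the three new unpacked encapsulation benches the result is bound as `let (_shared_secret, _ciphertext) = mlkem768::…::encapsulate_unpacked(…)`, but `encapsulate_unpacked` returns `(MlKem768Ciphertext, MlKemSharedSecret)` per the wrappers added earlier in this series, so the two names are swapped; the decapsulation benches below bind `(ciphertext, _shared_secret)` correctly. The bindings are unused so nothing misbehaves, but `let (_ciphertext, _shared_secret) = …` avoids misleading whoever copies the snippet next. The enclosing `comparisons_encapsulation` starts outside the hunk.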
@@ -136,22 +159,65 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); - // group.bench_function("pqclean reference implementation", |b| { - // b.iter_batched( - // || { - // let (public_key, secret_key) = pqcrypto_kyber::kyber768::keypair(); - // let (_shared_secret, ciphertext) = - // pqcrypto_kyber::kyber768::encapsulate(&public_key); - - // (ciphertext, secret_key) - // }, - // |(ciphertext, secret_key)| { - // let _shared_secret = - // pqcrypto_kyber::kyber768::decapsulate(&ciphertext, &secret_key); - // }, - // BatchSize::SmallInput, - // ) - // }); + group.bench_function("libcrux unpacked portable", |b| { + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || { + let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1); + let (ciphertext, _shared_secret) = + mlkem768::portable::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + (keypair, ciphertext) + }, + |(keypair, ciphertext)| { + let _shared_secret = mlkem768::portable::decapsulate_unpacked(&keypair, &ciphertext); + }, + BatchSize::SmallInput, + ) + }); + + #[cfg(feature = "simd128")] + group.bench_function("libcrux unpacked neon", |b| { + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || { + let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1); + let (ciphertext, _shared_secret) = + mlkem768::neon::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + (keypair, ciphertext) + }, + |(keypair, ciphertext)| { + let _shared_secret = mlkem768::neon::decapsulate_unpacked(&keypair, &ciphertext); + }, + BatchSize::SmallInput, + ) + }); + + #[cfg(feature = "simd256")] + group.bench_function("libcrux unpacked avx2", |b| { + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || 
{ + let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1); + let (ciphertext, _shared_secret) = + mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2); + (keypair, ciphertext) + }, + |(keypair, ciphertext)| { + let _shared_secret = mlkem768::avx2::decapsulate_unpacked(&keypair, &ciphertext); + }, + BatchSize::SmallInput, + ) + }); + } pub fn comparisons(c: &mut Criterion) { From fb1e5faf9e5b1ebc3f0870bcd90dbc33a386bea7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 23 Jun 2024 13:29:11 +0200 Subject: [PATCH 11/31] benchmarks for unpacked api --- libcrux-ml-kem/benches/ml-kem.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index c1a07441e..e5d947c6f 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -21,7 +21,7 @@ pub fn comparisons_key_generation(c: &mut Criterion) { }); #[cfg(feature = "simd256")] - group.bench_function("libcrux neon unpacked (external random)", |b| { + group.bench_function("libcrux avx2 unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter(|| { From df8b66eb676a2d23087b1c6ba79ce43999bcfa77 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 26 Jun 2024 15:09:04 +0200 Subject: [PATCH 12/31] trying without vectortype --- libcrux-ml-kem/src/mlkem768.rs | 5 ++--- libcrux-ml-kem/src/types.rs | 8 ++++---- libcrux-ml-kem/src/vector/traits.rs | 5 +---- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 978d2ce75..66b05dfd6 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,6 +1,5 @@ //! ML-KEM 512 //! -use vector::traits::VectorType; use super::{ constants::*, 
@@ -52,9 +51,9 @@ pub type MlKem768PublicKey = MlKemPublicKey;
pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key
-pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked;
+pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair
-pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked;
+pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate {
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index 9f932ed19..a3003f64a 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -193,22 +193,22 @@ impl
#[allow(non_snake_case)] /// Types for the unpacked API. pub mod unpacked {
- use crate::{polynomial::PolynomialRingElement, vector::traits::VectorType};
+ use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; /// An unpacked ML-KEM Private Key
- pub struct MlKemPrivateKeyUnpacked {
+ pub struct MlKemPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } /// An unpacked ML-KEM Public Key
- pub struct MlKemPublicKeyUnpacked {
+ pub struct MlKemPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], pub(crate) A_transpose: [[PolynomialRingElement; K]; K], } /// An unpacked ML-KEM KeyPair
- pub struct MlKemKeyPairUnpacked {
+ pub struct MlKemKeyPairUnpacked { pub private_key: MlKemPrivateKeyUnpacked, pub public_key: MlKemPublicKeyUnpacked, pub public_key_hash: [u8; 32],
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index fd09cdd11..b58c244ce 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
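Review bot: The doc comment kept as context above the second changed alias reads `/// Am Unpacked ML-KEM 768 Key pair`; it should read `/// An Unpacked ML-KEM 768 Key pair`, matching the wording on the public-key alias just above it. Since this commit already rewrites both alias lines, fixing the typo here keeps the module's documentation consistent.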
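Review bot: `public_key_hash` lives in `MlKemKeyPairUnpacked` beside `public_key` rather than inside `MlKemPublicKeyUnpacked`, so the encapsulating side receives the key and its hash as two unrelated values (the benchmarks in this series call `encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2)`) and nothing ties them together. Moving the hash into `MlKemPublicKeyUnpacked`, or at least documenting the invariant on the field with something like `/// H(serialized public key); must be the hash of public_key, since encapsulation presumably derives the shared secret from it`, would stop a caller pairing a key with a stale hash, a mistake that I would expect to surface only as a shared-secret disagreement at decapsulation. `MlKemPrivateKeyUnpacked` now carries raw secret coefficients in `secret_as_ntt`; I cannot see from this hunk whether anything clears them on drop, so a comment stating whether zeroization is the caller's responsibility would help. The `unpacked` module continues past this hunk.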
@@ -6,11 +6,8 @@ pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1
/// Internal vectors. /// /// Used in the unpacked API.
-pub trait VectorType: Operations {}
-impl VectorType for T {}
-
-pub(crate) trait Operations: Copy + Clone {
+pub trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; From 719ee5c7acc696a5bf42eb68380c121268008a54 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 26 Jun 2024 16:11:32 +0200 Subject: [PATCH 13/31] fmt
--- libcrux-ml-kem/benches/ml-kem.rs | 47 ++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 15 deletions(-)
diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs
index e5d947c6f..d3449a043 100644
--- a/libcrux-ml-kem/benches/ml-kem.rs
+++ b/libcrux-ml-kem/benches/ml-kem.rs
@@ -66,7 +66,6 @@ pub fn comparisons_pk_validation(c: &mut Criterion) {
BatchSize::SmallInput, ) });
- } pub fn comparisons_encapsulation(c: &mut Criterion) {
@@ -96,8 +95,11 @@ pub fn comparisons_encapsulation(c: &mut Criterion) {
b.iter_batched( || mlkem768::portable::generate_key_pair_unpacked(seed1), |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::portable::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (_shared_secret, _ciphertext) = mlkem768::portable::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); }, BatchSize::SmallInput, )
@@ -112,8 +114,11 @@ pub fn comparisons_encapsulation(c: &mut Criterion) {
b.iter_batched( || mlkem768::neon::generate_key_pair_unpacked(seed1), |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::neon::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (_shared_secret, _ciphertext) = mlkem768::neon::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); }, BatchSize::SmallInput, )
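Review bot: After this hunk the doc comment `/// Internal vectors. /// /// Used in the unpacked API.` sits on `pub trait Operations`, but it was written for the removed `VectorType` marker; `Operations` is the whole vector-arithmetic trait and not specific to the unpacked API, so the comment now misdescribes the item and should say something like `/// Operations every vector backend must implement; public so the unpacked key types can name it as a bound.` More importantly, while `Operations` was `pub(crate)` the `VectorType: Operations` + blanket-impl pair effectively sealed the trait; making it `pub` lets any downstream crate implement it and instantiate `MlKemPublicKeyUnpacked`/`MlKemKeyPairUnpacked` with its own vector type (the types.rs hunk above switches those structs to this bound). If that is not intended, a private supertrait — `pub trait Operations: Copy + Clone + sealed::Sealed`, with `Sealed` in a private module and implemented only for the in-crate backends (names constructed here) — keeps the bound nameable while closing the implementation surface. The trait body continues past the hunk.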
@@ -128,8 +133,11 @@ pub fn comparisons_encapsulation(c: &mut Criterion) {
b.iter_batched( || mlkem768::avx2::generate_key_pair_unpacked(seed1), |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (_shared_secret, _ciphertext) = mlkem768::avx2::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); }, BatchSize::SmallInput, )
@@ -167,12 +175,16 @@ pub fn comparisons_decapsulation(c: &mut Criterion) {
b.iter_batched( || { let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::portable::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (ciphertext, _shared_secret) = mlkem768::portable::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); (keypair, ciphertext) }, |(keypair, ciphertext)| {
- let _shared_secret = mlkem768::portable::decapsulate_unpacked(&keypair, &ciphertext);
+ let _shared_secret =
+ mlkem768::portable::decapsulate_unpacked(&keypair, &ciphertext); }, BatchSize::SmallInput, )
@@ -187,8 +199,11 @@ pub fn comparisons_decapsulation(c: &mut Criterion) {
b.iter_batched( || { let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::neon::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (ciphertext, _shared_secret) = mlkem768::neon::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); (keypair, ciphertext) }, |(keypair, ciphertext)| {
@@ -207,8 +222,11 @@ pub fn comparisons_decapsulation(c: &mut Criterion) {
b.iter_batched( || { let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, &keypair.public_key_hash, seed2);
+ let (ciphertext, _shared_secret) = mlkem768::avx2::encapsulate_unpacked(
+ &keypair.public_key,
+ &keypair.public_key_hash,
+ seed2,
+ ); (keypair, ciphertext) }, |(keypair, ciphertext)| {
@@ -217,7 +235,6 @@ pub fn comparisons_decapsulation(c: &mut Criterion) {
BatchSize::SmallInput, ) });
- } pub fn comparisons(c: &mut Criterion) { From ffb2e1020a5e22291f9c4948ef7aeb393e28986b Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan Date: Thu, 27 Jun 2024 15:53:55 +0200 Subject: [PATCH 14/31] c snapshot --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 55 +- .../c/internal/libcrux_mlkem_portable.h | 73 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 48 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 22 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 146 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 16 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 14 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 4710 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 458 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2117 +------- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 38 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 18 +- .../c/libcrux_sha3_libcrux_ml_kem.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3038 ++++++++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 32 +- libcrux-ml-kem/src/mlkem1024.rs | 5 +- libcrux-ml-kem/src/mlkem512.rs | 5 +- libcrux-ml-kem/src/mlkem768.rs | 5 +- libcrux-ml-kem/src/vector/traits.rs | 11 +- 28 files changed, 5982 insertions(+), 4978 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 966fa01a8..43e3c72b6 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt 
@@ -1,5 +1,5 @@ This code was generated with the following tools: -Charon: 8cd5f30ff218c654a93d8b507dc954bbfde4eac8 -Eurydice: b38d5dd3b4099cce6bbb9d91c80fb2bf0aaff1f7 -Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Charon: ae55966c01a1a4b185a1a34da7861ba5db74c8ad +Eurydice: bbfd102bbfbc3e4c362953f093dbfd65e2fbc10c +Karamel: 018dcd1d71f37472c517822aa6bd275263a6dcaa +F*: 0e2a116da266fbe1dbb81b414002d0afac6819b3 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 43a450669..9356f2178 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_core_H @@ -23,7 +23,7 @@ extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) 
@@ -177,45 +177,6 @@ void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -typedef struct - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]); - -typedef struct - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]); - -typedef struct - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]); - typedef struct core_option_Option__Eurydice_slice_uint8_t_s { core_option_Option__size_t_tags tag; Eurydice_slice f0; 
@@ -235,10 +196,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 6964a99e6..de51029f0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_mlkem_portable_H 
@@ -23,66 +23,97 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR) -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( 
+libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +void 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t -libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t 
randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); -void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( 
uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 70f3d8cb7..0363128b2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e120aa970..02b9b7bfd 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_core.h" 
@@ -338,48 +338,6 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( - core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 80846b491..8bccd9104 100644 
--- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 25589cb59..035bc1287 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 5fe5a7b35..c59c9ebc7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem1024_portable.h" 
@@ -17,6 +17,17 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -28,6 +39,20 @@ libcrux_ml_kem_mlkem1024_portable_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -36,6 +61,15 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index d1ea93725..0eb57183c 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem1024_portable_H 
@@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_portable.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 8ba307d4a..7277f70d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index ee92199ab..284cbe901 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem512_portable.h" 
@@ -14,7 +14,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632si libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -29,6 +29,28 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -36,7 +58,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_8 libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -51,12 +73,40 @@ libcrux_ml_kem_mlkem512_portable_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, 
uu____2); +} + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uu____0); } 
@@ -68,9 +118,27 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( public_key); } 
@@ -93,19 +161,42 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -113,32 +204,43 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( 
libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( public_key); } -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return 
libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____0); } 
@@ -147,21 +249,21 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152si uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uu____0); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]) { - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *uu____0 = public_key; Eurydice_slice uu____1 = public_key_hash; uint8_t uu____2[32U]; memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return 
libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1, uu____2); } 
@@ -172,16 +274,16 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( key_pair, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -190,7 +292,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400si libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index c024f6169..26aca4e8c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem512_portable_H @@ -26,6 +26,18 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -36,6 +48,18 @@ libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); 
@@ -43,6 +67,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___2size_t_768siz libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key); 
@@ -53,15 +85,30 @@ libcrux_ml_kem_mlkem512_portable_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -69,7 +116,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168si bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); @@ -79,7 +126,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair___3size_t_1152si K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]); 
@@ -89,7 +136,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ uint8_t randomness[32U]); void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 570ff27a3..7dab3285d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 65518d474..538d1e143 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_mlkem768_portable.h" @@ -16,8 +16,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; @@ -39,10 +39,10 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]) { - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *uu____0 = public_key; Eurydice_slice uu____1 = public_key_hash; uint8_t uu____2[32U]; 
@@ -59,7 +59,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 38a3d0501..a78ad166e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem768_portable_H @@ -21,8 +21,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -33,14 +33,14 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]); libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index c2db51086..a0938d9bb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "internal/libcrux_mlkem_portable.h" 
@@ -44,524 +44,9 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 
255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 
255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 
7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 
255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 
255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 
3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 
255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 
255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 
255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( - void) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = (int16_t)0; lit.elements[1U] = (int16_t)0; lit.elements[2U] = (int16_t)0; 
@@ -581,15 +66,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero( return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void) { - return libcrux_ml_kem_vector_zero(); + return libcrux_ml_kem_vector_portable_vector_type_zero(); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { - libcrux_ml_kem_vector_portable_PortableVector lit; +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; core_result_Result__int16_t_16size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2( 
@@ -606,15 +92,16 @@ libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array) { return lit; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array) { - return libcrux_ml_kem_vector_from_i16_array(array); + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -624,16 +111,17 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_add(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -643,16 +131,16 @@ inline libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( return lhs; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs) { - return libcrux_ml_kem_vector_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -662,15 +150,15 @@ libcrux_ml_kem_vector_multiply_by_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -680,15 +168,16 @@ libcrux_ml_kem_vector_bitwise_and_with_constant( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_bitwise_and_with_constant(v, c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { core_ops_range_Range__size_t iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( (CLITERAL(core_ops_range_Range__size_t){ 
@@ -711,78 +200,92 @@ libcrux_ml_kem_vector_cond_subtract_3329( } } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value) { - int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_BARRETT_R >> 1U); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = - (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT); + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_barrett_reduce_element(v.elements[i0]); + 
libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_barrett_reduce(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value) { +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { int32_t k = (int32_t)(int16_t)value * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = (int16_t)(k_times_modulus >> - (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); int16_t value_high = - (int16_t)(value >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT); + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); return value_high - c; } -inline int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( +inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_montgomery_reduce_element((int32_t)fe * - (int32_t)fer); + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } -inline 
libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[i0], c); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); v.elements[i0] = uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_montgomery_multiply_by_constant(v, r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; int16_t mask = shifted >> 15U; int16_t shifted_to_positive = mask ^ shifted; 
@@ -790,80 +293,91 @@ uint8_t libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe) { return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - uint8_t uu____0 = libcrux_ml_kem_vector_compress_message_coefficient( - (uint16_t)v.elements[i0]); + uint8_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); v.elements[i0] = (int16_t)uu____0; } return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector_compress_1(v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -inline uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits( +inline uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { return value & ((1U << (uint32_t)n) - 1U); } -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; compressed = 
compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; - return (int16_t)libcrux_ml_kem_vector_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[2U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[2U], zeta0); v.elements[2U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[3U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[3U], zeta0); v.elements[3U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta1); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], zeta1); v.elements[6U] = v.elements[4U] - t1; v.elements[4U] = v.elements[4U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta1); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta1); v.elements[7U] = v.elements[5U] - t2; v.elements[5U] = v.elements[5U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)2U], 
zeta2); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)2U], zeta2); v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)3U], zeta2); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)3U], zeta2); v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta3); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta3); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)4U] - t5; v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)4U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta3); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta3); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)5U] - t6; v.elements[(size_t)8U + (size_t)5U] = 
@@ -871,53 +385,62 @@ libcrux_ml_kem_vector_ntt_layer_1_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { - int16_t t = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[4U], zeta0); + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[4U], zeta0); v.elements[4U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; - int16_t t0 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[5U], zeta0); + int16_t t0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[5U], zeta0); v.elements[5U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[6U], zeta0); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[6U], 
zeta0); v.elements[6U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[7U], zeta0); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[7U], zeta0); v.elements[7U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)4U], zeta1); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)4U], zeta1); v.elements[(size_t)8U + (size_t)4U] = v.elements[(size_t)8U + (size_t)0U] - t3; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)5U], zeta1); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)5U], zeta1); v.elements[(size_t)8U + (size_t)5U] = v.elements[(size_t)8U + (size_t)1U] - t4; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)6U], zeta1); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)6U], zeta1); v.elements[(size_t)8U + (size_t)6U] = v.elements[(size_t)8U + (size_t)2U] - t5; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[(size_t)8U + (size_t)7U], zeta1); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[(size_t)8U + (size_t)7U], zeta1); v.elements[(size_t)8U + (size_t)7U] = v.elements[(size_t)8U + (size_t)3U] - t6; v.elements[(size_t)8U + (size_t)3U] = 
@@ -925,274 +448,320 @@ libcrux_ml_kem_vector_ntt_layer_2_step( return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t t = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[8U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[8U], zeta); v.elements[8U] = v.elements[0U] - t; v.elements[0U] = v.elements[0U] + t; int16_t t0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(v.elements[9U], zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[9U], zeta); v.elements[9U] = v.elements[1U] - t0; v.elements[1U] = v.elements[1U] + t0; - int16_t t1 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[10U], zeta); + int16_t t1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[10U], zeta); v.elements[10U] = v.elements[2U] - t1; v.elements[2U] = v.elements[2U] + t1; - int16_t t2 = 
libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[11U], zeta); + int16_t t2 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[11U], zeta); v.elements[11U] = v.elements[3U] - t2; v.elements[3U] = v.elements[3U] + t2; - int16_t t3 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[12U], zeta); + int16_t t3 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[12U], zeta); v.elements[12U] = v.elements[4U] - t3; v.elements[4U] = v.elements[4U] + t3; - int16_t t4 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[13U], zeta); + int16_t t4 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[13U], zeta); v.elements[13U] = v.elements[5U] - t4; v.elements[5U] = v.elements[5U] + t4; - int16_t t5 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[14U], zeta); + int16_t t5 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[14U], zeta); v.elements[14U] = v.elements[6U] - t5; v.elements[6U] = v.elements[6U] + t5; - int16_t t6 = libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer( - v.elements[15U], zeta); + int16_t t6 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[15U], zeta); v.elements[15U] = v.elements[7U] - t6; v.elements[7U] = v.elements[7U] + t6; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { int16_t a_minus_b = v.elements[2U] - v.elements[0U]; - int16_t uu____0 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[0U] + v.elements[2U]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[0U] + v.elements[2U]); v.elements[0U] = uu____0; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[2U] = uu____1; int16_t a_minus_b0 = v.elements[3U] - v.elements[1U]; - int16_t uu____2 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[1U] + v.elements[3U]); + int16_t uu____2 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[1U] + v.elements[3U]); v.elements[1U] = uu____2; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[3U] = uu____3; int16_t a_minus_b1 = v.elements[6U] - v.elements[4U]; - int16_t uu____4 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[4U] + v.elements[6U]); + int16_t uu____4 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[4U] + v.elements[6U]); v.elements[4U] = uu____4; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, 
zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta1); v.elements[6U] = uu____5; int16_t a_minus_b2 = v.elements[7U] - v.elements[5U]; - int16_t uu____6 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[5U] + v.elements[7U]); + int16_t uu____6 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[5U] + v.elements[7U]); v.elements[5U] = uu____6; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta1); v.elements[7U] = uu____7; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)2U] - v.elements[(size_t)8U + (size_t)0U]; - int16_t uu____8 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)0U] + - v.elements[(size_t)8U + (size_t)2U]); + int16_t uu____8 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)0U] + + v.elements[(size_t)8U + (size_t)2U]); v.elements[(size_t)8U + (size_t)0U] = uu____8; int16_t uu____9 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta2); v.elements[(size_t)8U + (size_t)2U] = uu____9; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)3U] - v.elements[(size_t)8U + (size_t)1U]; - int16_t uu____10 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)1U] + - v.elements[(size_t)8U + (size_t)3U]); + int16_t uu____10 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)1U] + + v.elements[(size_t)8U + (size_t)3U]); v.elements[(size_t)8U + (size_t)1U] = uu____10; int16_t uu____11 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta2); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta2); 
v.elements[(size_t)8U + (size_t)3U] = uu____11; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)4U]; - int16_t uu____12 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)4U] + - v.elements[(size_t)8U + (size_t)6U]); + int16_t uu____12 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)4U] + + v.elements[(size_t)8U + (size_t)6U]); v.elements[(size_t)8U + (size_t)4U] = uu____12; int16_t uu____13 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta3); v.elements[(size_t)8U + (size_t)6U] = uu____13; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)5U]; - int16_t uu____14 = libcrux_ml_kem_vector_barrett_reduce_element( - v.elements[(size_t)8U + (size_t)5U] + - v.elements[(size_t)8U + (size_t)7U]); + int16_t uu____14 = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[(size_t)8U + (size_t)5U] + + v.elements[(size_t)8U + (size_t)7U]); v.elements[(size_t)8U + (size_t)5U] = uu____14; int16_t uu____15 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta3); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta3); v.elements[(size_t)8U + (size_t)7U] = uu____15; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, - zeta3); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1) { int16_t a_minus_b = v.elements[4U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[4U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta0); v.elements[4U] = uu____0; int16_t a_minus_b0 = v.elements[5U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[5U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta0); v.elements[5U] = uu____1; int16_t a_minus_b1 = v.elements[6U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[6U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta0); v.elements[6U] = uu____2; int16_t a_minus_b2 = v.elements[7U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[7U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta0); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta0); v.elements[7U] = uu____3; int16_t a_minus_b3 = v.elements[(size_t)8U + (size_t)4U] - v.elements[(size_t)8U + 
(size_t)0U]; v.elements[(size_t)8U + (size_t)0U] = v.elements[(size_t)8U + (size_t)0U] + v.elements[(size_t)8U + (size_t)4U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta1); v.elements[(size_t)8U + (size_t)4U] = uu____4; int16_t a_minus_b4 = v.elements[(size_t)8U + (size_t)5U] - v.elements[(size_t)8U + (size_t)1U]; v.elements[(size_t)8U + (size_t)1U] = v.elements[(size_t)8U + (size_t)1U] + v.elements[(size_t)8U + (size_t)5U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta1); v.elements[(size_t)8U + (size_t)5U] = uu____5; int16_t a_minus_b5 = v.elements[(size_t)8U + (size_t)6U] - v.elements[(size_t)8U + (size_t)2U]; v.elements[(size_t)8U + (size_t)2U] = v.elements[(size_t)8U + (size_t)2U] + v.elements[(size_t)8U + (size_t)6U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta1); v.elements[(size_t)8U + (size_t)6U] = uu____6; int16_t a_minus_b6 = v.elements[(size_t)8U + (size_t)7U] - v.elements[(size_t)8U + (size_t)3U]; v.elements[(size_t)8U + (size_t)3U] = v.elements[(size_t)8U + (size_t)3U] + v.elements[(size_t)8U + (size_t)7U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta1); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta1); v.elements[(size_t)8U + (size_t)7U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_inv_ntt_layer_2_step(a, zeta0, zeta1); + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { int16_t a_minus_b = v.elements[8U] - v.elements[0U]; v.elements[0U] = v.elements[0U] + v.elements[8U]; int16_t uu____0 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); v.elements[8U] = uu____0; int16_t a_minus_b0 = v.elements[9U] - v.elements[1U]; v.elements[1U] = v.elements[1U] + v.elements[9U]; int16_t uu____1 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b0, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b0, zeta); v.elements[9U] = uu____1; int16_t a_minus_b1 = v.elements[10U] - v.elements[2U]; v.elements[2U] = v.elements[2U] + v.elements[10U]; int16_t uu____2 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b1, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b1, zeta); v.elements[10U] = uu____2; int16_t a_minus_b2 = v.elements[11U] - v.elements[3U]; v.elements[3U] = v.elements[3U] + v.elements[11U]; int16_t uu____3 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b2, zeta); + 
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b2, zeta); v.elements[11U] = uu____3; int16_t a_minus_b3 = v.elements[12U] - v.elements[4U]; v.elements[4U] = v.elements[4U] + v.elements[12U]; int16_t uu____4 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b3, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b3, zeta); v.elements[12U] = uu____4; int16_t a_minus_b4 = v.elements[13U] - v.elements[5U]; v.elements[5U] = v.elements[5U] + v.elements[13U]; int16_t uu____5 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b4, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b4, zeta); v.elements[13U] = uu____5; int16_t a_minus_b5 = v.elements[14U] - v.elements[6U]; v.elements[6U] = v.elements[6U] + v.elements[14U]; int16_t uu____6 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b5, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b5, zeta); v.elements[14U] = uu____6; int16_t a_minus_b6 = v.elements[15U] - v.elements[7U]; v.elements[7U] = v.elements[7U] + v.elements[15U]; int16_t uu____7 = - libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(a_minus_b6, zeta); + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b6, zeta); v.elements[15U] = uu____7; return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_inv_ntt_layer_3_step(a, zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -inline K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +inline K___int16_t_int16_t +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta) { int16_t a0 = _.fst; int16_t a1 = _.snd; int16_t b0 = _0.fst; int16_t b1 = _0.snd; int32_t uu____0 = (int32_t)a0 * (int32_t)b0; - int16_t uu____1 = libcrux_ml_kem_vector_montgomery_reduce_element( - uu____0 + (int32_t)libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a1 * (int32_t)b1) * - (int32_t)zeta); + int16_t uu____1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + uu____0 + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a1 * (int32_t)b1) * + (int32_t)zeta); return (CLITERAL(K___int16_t_int16_t){ .fst = uu____1, - .snd = libcrux_ml_kem_vector_montgomery_reduce_element( - (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); -} - -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_PortableVector out = - libcrux_ml_kem_vector_zero(); + .snd = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a0 * (int32_t)b1 + (int32_t)a1 * (int32_t)b0)}); +} + +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + 
libcrux_ml_kem_vector_portable_vector_type_zero(); K___int16_t_int16_t lit0; lit0.fst = lhs->elements[0U]; lit0.snd = lhs->elements[1U]; @@ -1200,7 +769,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit1.fst = rhs->elements[0U]; lit1.snd = rhs->elements[1U]; K___int16_t_int16_t product = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit0, lit1, zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit0, lit1, + zeta0); out.elements[0U] = product.fst; out.elements[1U] = product.snd; K___int16_t_int16_t lit2; @@ -1210,7 +780,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit3.fst = rhs->elements[2U]; lit3.snd = rhs->elements[3U]; K___int16_t_int16_t product0 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit2, lit3, -zeta0); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit2, lit3, + -zeta0); out.elements[2U] = product0.fst; out.elements[3U] = product0.snd; K___int16_t_int16_t lit4; @@ -1220,7 +791,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit5.fst = rhs->elements[4U]; lit5.snd = rhs->elements[5U]; K___int16_t_int16_t product1 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit4, lit5, zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit4, lit5, + zeta1); out.elements[4U] = product1.fst; out.elements[5U] = product1.snd; K___int16_t_int16_t lit6; @@ -1230,7 +802,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit7.fst = rhs->elements[6U]; lit7.snd = rhs->elements[7U]; K___int16_t_int16_t product2 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit6, lit7, -zeta1); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit6, lit7, + -zeta1); out.elements[6U] = product2.fst; out.elements[7U] = product2.snd; K___int16_t_int16_t lit8; 
@@ -1240,7 +813,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit9.fst = rhs->elements[(size_t)8U + (size_t)0U]; lit9.snd = rhs->elements[(size_t)8U + (size_t)1U]; K___int16_t_int16_t product3 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit8, lit9, zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit8, lit9, + zeta2); out.elements[(size_t)8U + (size_t)0U] = product3.fst; out.elements[(size_t)8U + (size_t)1U] = product3.snd; K___int16_t_int16_t lit10; @@ -1250,7 +824,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit11.fst = rhs->elements[(size_t)8U + (size_t)2U]; lit11.snd = rhs->elements[(size_t)8U + (size_t)3U]; K___int16_t_int16_t product4 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit10, lit11, -zeta2); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit10, lit11, + -zeta2); out.elements[(size_t)8U + (size_t)2U] = product4.fst; out.elements[(size_t)8U + (size_t)3U] = product4.snd; K___int16_t_int16_t lit12; @@ -1260,7 +835,8 @@ libcrux_ml_kem_vector_ntt_multiply( lit13.fst = rhs->elements[(size_t)8U + (size_t)4U]; lit13.snd = rhs->elements[(size_t)8U + (size_t)5U]; K___int16_t_int16_t product5 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit12, lit13, zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit12, lit13, + zeta3); out.elements[(size_t)8U + (size_t)4U] = product5.fst; out.elements[(size_t)8U + (size_t)5U] = product5.snd; K___int16_t_int16_t lit14; 
@@ -1270,23 +846,25 @@ libcrux_ml_kem_vector_ntt_multiply( lit.fst = rhs->elements[(size_t)8U + (size_t)6U]; lit.snd = rhs->elements[(size_t)8U + (size_t)7U]; K___int16_t_int16_t product6 = - libcrux_ml_kem_vector_ntt_multiply_binomials(lit14, lit, -zeta3); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lit14, lit, + -zeta3); out.elements[(size_t)8U + (size_t)6U] = product6.fst; out.elements[(size_t)8U + (size_t)7U] = product6.snd; return out; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, - zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -inline void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { uint8_t result[2U] = {0U}; KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; 
@@ -1301,17 +879,18 @@ inline void libcrux_ml_kem_vector_serialize_1( memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { uint8_t ret0[2U]; - libcrux_ml_kem_vector_serialize_1(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret0); memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8(i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; uint8_t *uu____0 = &Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *, uint8_t); 
@@ -1328,14 +907,15 @@ libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_1(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -inline void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { uint8_t result[8U] = {0U}; result[0U] = (uint32_t)(uint8_t)v.elements[1U] << 4U | (uint32_t)(uint8_t)v.elements[0U]; 
@@ -1356,17 +936,18 @@ inline void libcrux_ml_kem_vector_serialize_4( memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { uint8_t ret0[8U]; - libcrux_ml_kem_vector_serialize_4(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 15U); 
@@ -1418,14 +999,15 @@ libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_4(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -inline void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { uint8_t result[10U] = {0U}; result[0U] = (uint8_t)((v.elements[1U] & (int16_t)7) << 5U | v.elements[0U]); result[1U] = 
@@ -1456,17 +1038,18 @@ inline void libcrux_ml_kem_vector_serialize_5( memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { uint8_t ret0[10U]; - libcrux_ml_kem_vector_serialize_5(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector v = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); uint8_t *uu____0 = &Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); v.elements[0U] = (int16_t)((uint32_t)uu____0[0U] & 31U); 
@@ -1557,14 +1140,15 @@ libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes) { return v; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_5(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -inline void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { uint8_t result[20U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)63) << 2U | 
@@ -1621,17 +1205,18 @@ inline void libcrux_ml_kem_vector_serialize_10( memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { uint8_t ret0[20U]; - libcrux_ml_kem_vector_serialize_10(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)3) 
@@ -1751,14 +1336,15 @@ libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_10(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -inline void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { uint8_t result[22U] = {0U}; result[0U] = (uint8_t)v.elements[0U]; result[1U] = (uint32_t)(uint8_t)(v.elements[1U] & (int16_t)31) << 3U | 
@@ -1815,17 +1401,18 @@ inline void libcrux_ml_kem_vector_serialize_11( memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { uint8_t ret0[22U]; - libcrux_ml_kem_vector_serialize_11(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector result = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t uu____0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & (int16_t)7) 
@@ -1963,14 +1550,15 @@ libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes) { return result; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_11(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -inline void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]) { +inline void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { uint8_t result[24U] = {0U}; result[0U] = (uint8_t)(v.elements[0U] & (int16_t)255); result[1U] = 
@@ -2015,17 +1603,18 @@ inline void libcrux_ml_kem_vector_serialize_12( memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); } -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { uint8_t ret0[24U]; - libcrux_ml_kem_vector_serialize_12(a, ret0); + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_PortableVector re = - libcrux_ml_kem_vector_zero(); +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t); int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, 
@@ -2093,14 +1682,14 @@ libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes) { return re; } -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a) { - return libcrux_ml_kem_vector_deserialize_12(a); + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result) { +inline size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; core_slice_iter_Chunks iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( 
@@ -2175,61 +1764,61 @@ inline size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, } size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_rej_sample(a, out); + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -inline libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self) { +inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { return self[0U]; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ZERO__libcrux_ml_kem_vector_portable_PortableVector(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.coefficients[0U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[1U] = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[2U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[3U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[4U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[5U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[6U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[7U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[8U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[9U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[10U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[11U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[12U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[13U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[14U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); lit.coefficients[15U] = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(); + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; 
@@ -2240,11 +1829,11 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( coefficient); re.coefficients[i0] = uu____0; } 
@@ -2252,15 +1841,16 @@ deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2273,9 +1863,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -2283,11 +1873,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector -shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -2296,36 +1887,38 @@ shift_right___15int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { return v; } -static libcrux_ml_kem_vector_portable_PortableVector shift_right___15int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +shift_right___15int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return shift_right___15int32_t(v); } -static libcrux_ml_kem_vector_portable_PortableVector -to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a) { - libcrux_ml_kem_vector_portable_PortableVector t = shift_right___15int32_t0(a); - libcrux_ml_kem_vector_portable_PortableVector fm = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + shift_right___15int32_t0(a); + libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &fm); } static inline void -serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)384U, serialized, @@ -2341,8 +1934,8 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVect } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; 
@@ -2352,13 +1945,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1536U, out, @@ -2368,7 +1961,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -2379,8 +1972,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2390,7 +1983,7 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -2404,18 +1997,18 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536 memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1568size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1568size_t_4size_t( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), 
@@ -2425,27 +2018,12 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ } typedef struct - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; -} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t; - -typedef struct - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[4U][4U]; -} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t; - -typedef struct - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___s { - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t snd; -} 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__; static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; @@ -2456,19 +2034,20 @@ static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____4size_t_s { 
@@ -2515,7 +2094,7 @@ static inline void shake128_squeeze_three_blocks___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2531,7 +2110,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -2569,7 +2148,7 @@ static inline void shake128_squeeze_block___4size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2585,7 +2164,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -2609,16 +2188,17 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice_subslice( a, (CLITERAL(core_ops_range_Range__size_t){ 
@@ -2630,10 +2210,10 @@ from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( return result; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -2642,9 +2222,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; 
@@ -2656,7 +2236,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -2667,36 +2247,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_4size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[4U][272U]; memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U][4U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; @@ -2709,9 +2289,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[4U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -2719,13 +2299,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -2737,16 +2317,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[4U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t; static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { @@ -2761,8 +2341,8 @@ static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; 
@@ -2804,13 +2384,13 @@ sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; 
@@ -2850,76 +2430,77 @@ sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVect sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } static inline void -ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector t = - 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( re->coefficients[j], &t); re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( re->coefficients[j], &t); re->coefficients[j] = uu____1; } } typedef struct - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector fst; - libcrux_ml_kem_vector_portable_PortableVector snd; -} __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector; - -static libcrux_ml_kem_vector_portable_PortableVector -montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t fer) { - return 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector snd; +} __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, fer); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector t = - montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector t = + montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( b, zeta_r); - b = 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + b = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( a, &t); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &t); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2931,14 +2512,14 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( size_t step_vec = step / (size_t)16U; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_PortableVector( + ntt_layer_int_vec_step__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } 
@@ -2946,30 +2527,30 @@ ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } static inline void -ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -2978,15 +2559,15 @@ ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + 
@@ -2999,45 +2580,50 @@ ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( self->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { - ntt_at_layer_7__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_7__libcrux_ml_kem_vector_portable_vector_type_PortableVector(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); +} + +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); 
uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -3051,45 +2637,45 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, re_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } -static inline 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - out = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + out = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( &self->coefficients[i0], &rhs->coefficients[i0], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], 
@@ -3108,84 +2694,87 @@ ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } -static libcrux_ml_kem_vector_portable_PortableVector -to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return 
libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } static inline void -add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - to_standard_domain__libcrux_ml_kem_vector_portable_PortableVector( - self->coefficients[j]); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + 
to_standard_domain__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + self->coefficients[j]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -3193,48 +2782,50 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static void 
-closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__ -generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ 
+generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); 
@@ -3245,77 +2836,77 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A[4U][4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - 
closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; A[i1][j] = A_transpose[j][i1];);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[4U]; memcpy( uu____4, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U][4U]; memcpy( uu____5, A, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t pk; memcpy( pk.t_as_ntt, uu____4, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret[32U]; 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], 
@@ -3327,48 +2918,110 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux pk.A_transpose, uu____5, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6[4U]; memcpy( uu____6, secret_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t sk; memcpy( sk.secret_as_ntt, uu____6, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return (CLITERAL( - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__){ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__){ .fst = sk, .snd = pk}); } +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + 
Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t 
pk_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { - 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___4size_t__ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ uu____0 = - generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( key_generation_seed); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t sk = uu____0.fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t_1568size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____1, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - 
serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1536size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( sk.secret_as_ntt, secret_key_serialized); uint8_t uu____2[1536U]; memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); @@ -3380,14 +3033,6 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, @@ -3449,7 +3094,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -3462,7 +3107,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); 
@@ -3490,49 +3135,15 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( +static inline 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -3546,26 +3157,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___4size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[4U]; memcpy( uu____2, error_1, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -3580,15 +3191,15 @@ static inline void PRF___4size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - 
@@ -3601,15 +3212,15 @@ invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - 
@@ -3618,41 +3229,42 @@ invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); re->coefficients[round] = uu____0;); } -static inline __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector -inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector a, - libcrux_ml_kem_vector_portable_PortableVector b, int16_t zeta_r) { - libcrux_ml_kem_vector_portable_PortableVector a_minus_b = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( +static inline __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector +inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector b, + int16_t zeta_r) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a_minus_b = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( b, &a); - a = libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + a = libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( a, &b)); - b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_PortableVector( + b = montgomery_multiply_fe__libcrux_ml_kem_vector_portable_vector_type_PortableVector( a_minus_b, zeta_r); return (CLITERAL( - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector){ + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector){ .fst = a, .snd = b}); } static inline void -invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( +invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( size_t *zeta_i, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -3666,14 +3278,14 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; - __libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_PortableVector( + inv_ntt_layer_int_vec_step_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R [zeta_i[0U]]); - libcrux_ml_kem_vector_portable_PortableVector x = uu____0.fst; - libcrux_ml_kem_vector_portable_PortableVector y = uu____0.snd; + libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; + libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } 
@@ -3681,78 +3293,81 @@ invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &error->coefficients[j])); self->coefficients[j] = uu____0; } } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -3760,168 +3375,179 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_vector_portable_PortableVector -decompress_1__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_vector_portable_PortableVector v) { - return libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO(), +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(), &v), (int16_t)1665); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = 
ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( - Eurydice_array_to_subslice( - (size_t)32U, serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)2U * i0, - .end = (size_t)2U * i0 + (size_t)2U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - decompress_1__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( + Eurydice_array_to_subslice( + (size_t)32U, serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)2U * i0, + .end = (size_t)2U * i0 + (size_t)2U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector tmp = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &message->coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector tmp0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( tmp0); result.coefficients[i0] = uu____0; } return result; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector 
*message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___10int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); + int16_t 
uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___10int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___10int32_t(v); } -static inline libcrux_ml_kem_vector_portable_PortableVector -compress___11int32_t(libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___11int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___11int32_t(v); } static inline void -compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; 
for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___11int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)352U, serialized, 
@@ -3937,19 +3563,19 @@ compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11__libcrux_ml_kem_vector_portable_PortableVector_352size_t( + compress_then_serialize_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector_352size_t( re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[4U], Eurydice_slice out) { for ( 
@@ -3958,13 +3584,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -3973,7 +3599,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t .end = (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t_352size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t_352size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -3982,37 +3608,40 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___4int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___4int32_t(v); } static inline void -compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___4int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, 
@@ -4026,37 +3655,40 @@ compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector( } } -static inline libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = libcrux_ml_kem_vector_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); + int16_t uu____0 = + libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); v.elements[i0] = uu____0; } return v; } -static libcrux_ml_kem_vector_portable_PortableVector compress___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +compress___5int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return compress___5int32_t(v); } static inline void -compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficients = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = compress___5int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( 
re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( coefficients, bytes); Eurydice_slice uu____0 = Eurydice_slice_subslice( serialized, 
@@ -4071,135 +3703,221 @@ compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector( } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_5__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____1 = 
- sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[4U]; memcpy( error_1, uu____3.fst, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___4size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[4U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1408size_t_11size_t_352size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1408size_t_11size_t_352size_t( uu____5, Eurydice_array_to_subslice( (size_t)1568U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)1408U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t_160size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t_160size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
+libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + 
core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1568U]; + memcpy(uu____3, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + 
deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1536size_t_4size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - 
sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, false, A_transpose); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[4U]; memcpy( uu____0, t_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[4U][4U]; memcpy( uu____1, A_transpose, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t public_key_unpacked; memcpy( public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret1[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); 
@@ -4210,20 +3928,20 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct public_key_unpacked.A_transpose, uu____1, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t *uu____2 = &public_key_unpacked; uint8_t uu____3[32U]; memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret2[1568U]; - encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, randomness, ret2); memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t 
*public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4264,7 +3982,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( 
@@ -4284,67 +4002,9 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4357,17 +4017,17 @@ decompress_ciphertext_coefficient___10int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___10int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; 
@@ -4378,19 +4038,19 @@ deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)20U, .end = i0 * (size_t)20U + (size_t)20U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___10int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4403,17 +4063,17 @@ decompress_ciphertext_coefficient___11int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___11int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___11int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; 
@@ -4424,56 +4084,61 @@ deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)22U, .end = i0 * (size_t)22U + (size_t)22U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___11int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_11__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( uint8_t *ciphertext, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, 
@@ -4494,24 +4159,24 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_11size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_11size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)4U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4524,17 +4189,17 @@ decompress_ciphertext_coefficient___4int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___4int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___4int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { 
@@ -4544,19 +4209,19 @@ deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)8U, .end = i0 * (size_t)8U + (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector coefficient = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( bytes); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_ciphertext_coefficient___4int32_t0(coefficient); re.coefficients[i0] = uu____0; } return re; } -static inline libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4569,17 +4234,17 @@ decompress_ciphertext_coefficient___5int32_t( return v; } -static libcrux_ml_kem_vector_portable_PortableVector +static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_ciphertext_coefficient___5int32_t0( - libcrux_ml_kem_vector_portable_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return decompress_ciphertext_coefficient___5int32_t(v); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; 
@@ -4590,89 +4255,94 @@ deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( (CLITERAL(core_ops_range_Range__size_t){ .start = i0 * (size_t)10U, .end = i0 * (size_t)10U + (size_t)10U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( bytes); re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_portable_PortableVector uu____1 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient___5int32_t0(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_5__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector 
-subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_normal_form = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( self->coefficients[i0], &coefficient_normal_form)); b.coefficients[i0] = uu____0; } return b; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static inline void -compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re.coefficients[i0]); - libcrux_ml_kem_vector_portable_PortableVector coefficient_compressed = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - coefficient); + libcrux_ml_kem_vector_portable_vector_type_PortableVector + coefficient_compressed = + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + coefficient); uint8_t bytes[2U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)32U, serialized, 
@@ -4687,56 +4357,29 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( } static void -decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_11size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_5size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_5size_t( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( 
&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_4size_t( - secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__4size_t - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - uint8_t ret0[32U]; - decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - &secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - static inline void PRF___4size_t_32size_t(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; 
@@ -4746,8 +4389,166 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + 
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + 
uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + 
(size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -4771,7 +4572,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -4812,7 +4613,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( 
@@ -4832,15 +4633,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4853,9 +4655,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -4863,12 +4665,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4878,13 +4680,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)1152U, out, 
@@ -4894,7 +4696,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4905,8 +4707,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -4916,7 +4718,7 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -4930,18 +4732,18 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152 memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1184size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1184size_t_3size_t( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), 
@@ -4951,12 +4753,12 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ } typedef struct - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___s { - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t fst; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t snd; -} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__; static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; 
@@ -4967,19 +4769,20 @@ static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____3size_t_s { @@ -5026,7 +4829,7 @@ static inline void shake128_squeeze_three_blocks___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( 
@@ -5042,7 +4845,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -5080,7 +4883,7 @@ static inline void shake128_squeeze_block___3size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -5096,7 +4899,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -5120,10 +4923,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -5132,9 +4935,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; 
@@ -5146,7 +4949,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -5157,36 +4960,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_3size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[3U][272U]; memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U][3U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; @@ -5199,9 +5002,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[3U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -5209,13 +5012,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -5227,16 +5030,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[3U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t; static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { 
@@ -5251,14 +5054,15 @@ static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; 
@@ -5272,84 +5076,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void 
-add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( 
*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -5357,48 +5163,50 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static void 
-closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ -generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ 
+generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -5409,77 +5217,77 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____3, domain_separator) .fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A[3U][3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - 
closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; A[i1][j] = A_transpose[j][i1];);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[3U]; memcpy( uu____4, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U][3U]; memcpy( uu____5, A, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t pk; memcpy( pk.t_as_ntt, uu____4, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret[32U]; 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], 
@@ -5491,24 +5299,24 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux pk.A_transpose, uu____5, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6[3U]; memcpy( uu____6, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t sk; memcpy( sk.secret_as_ntt, uu____6, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return (CLITERAL( - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__){ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__){ .fst = sk, .snd = pk}); } 
@@ -5520,8 +5328,8 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t -libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -5533,18 +5341,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ uu____0 = - generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( ind_cpa_keypair_randomness); - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( 
+ serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____1, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -5553,13 +5361,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t uu____2 = ind_cpa_private_key; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t uu____3 = ind_cpa_public_key; uint8_t uu____4[32U]; memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t lit; lit.private_key = uu____2; lit.public_key = uu____3; 
@@ -5575,26 +5383,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable } static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___3size_t__ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ uu____0 = - generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( key_generation_seed); - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t sk = uu____0.fst; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t pk = uu____0.snd; - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t_1184size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____1, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1152size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( sk.secret_as_ntt, secret_key_serialized); uint8_t uu____2[1152U]; memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5667,7 +5475,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
@@ -5680,7 +5488,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); 
@@ -5708,14 +5516,15 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; 
@@ -5729,26 +5538,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___3size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[3U]; memcpy( uu____2, error_1, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -5763,58 +5572,60 @@ static inline void PRF___3size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -5822,74 +5633,77 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], 
&r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static inline void -compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector coefficient = + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = compress___10int32_t0( - to_unsigned_representative__libcrux_ml_kem_vector_portable_PortableVector( + to_unsigned_representative__libcrux_ml_kem_vector_portable_vector_type_PortableVector( re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)320U, serialized, @@ -5905,19 +5719,19 @@ compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320siz } static inline void -compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10__libcrux_ml_kem_vector_portable_PortableVector_320size_t( + compress_then_serialize_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector_320size_t( re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[3U], Eurydice_slice out) { for ( 
@@ -5926,13 +5740,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -5941,7 +5755,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t .end = (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -5951,89 +5765,89 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t } static inline void -compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re, Eurydice_slice out) { - compress_then_serialize_4__libcrux_ml_kem_vector_portable_PortableVector(re, - out); + compress_then_serialize_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re, out); } static void -encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; memcpy( error_1, uu____3.fst, (size_t)3U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___3size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[3U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = 
compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_960size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_960size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)1088U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)960U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); 
@@ -6041,8 +5855,8 @@ encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *public_key, Eurydice_slice public_key_hash, uint8_t randomness[32U]) { uint8_t to_hash[64U]; 
@@ -6065,12 +5879,12 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_Port K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____0.fst; Eurydice_slice pseudorandomness = uu____0.snd; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *uu____1 = public_key; uint8_t uu____2[32U]; memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____1, uu____2, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( 
@@ -6091,15 +5905,16 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_Port } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6112,9 +5927,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6122,49 +5937,49 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_1152size_t_3size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - 
sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, false, A_transpose); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[3U]; memcpy( uu____0, t_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[3U][3U]; memcpy( uu____1, A_transpose, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t public_key_unpacked; memcpy( public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret1[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); 
@@ -6175,20 +5990,20 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct public_key_unpacked.A_transpose, uu____1, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [3U])); - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *uu____2 = &public_key_unpacked; uint8_t uu____3[32U]; memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret2[1088U]; - encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, randomness, ret2); memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( 
libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6229,7 +6044,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( 
@@ -6249,46 +6064,51 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto return lit; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } static inline void -ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - 
ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, re); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, 
@@ -6309,76 +6129,79 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_PortableVector( + 
deserialize_then_decompress_4__libcrux_ml_kem_vector_portable_vector_type_PortableVector( serialized); return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + 
ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = 
deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6392,12 +6215,12 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( &key_pair->private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -6439,12 +6262,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable PRF___3size_t_32size_t( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t *uu____3 = &key_pair->public_key; uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____3, uu____4, pseudorandomness, expected_ciphertext); Eurydice_slice uu____5 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( 
@@ -6464,15 +6287,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6485,9 +6309,9 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( secret_bytes); secret_as_ntt[i0] = uu____0; } 
@@ -6495,37 +6319,37 @@ deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( ret, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[3U]; memcpy( uu____0, secret_as_ntt, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[32U]; - decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( &secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -6549,7 +6373,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -6590,7 +6414,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( 
@@ -6610,15 +6434,16 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable } static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6631,9 +6456,9 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6641,12 +6466,12 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector ret, deserialized_pk, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6656,13 +6481,13 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice( (size_t)768U, out, 
@@ -6672,7 +6497,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, @@ -6683,8 +6508,8 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s } static inline void -serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; @@ -6694,7 +6519,7 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -6708,18 +6533,18 @@ serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768s memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } -bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( +bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector deserialized_pk[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_800size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_800size_t_2size_t( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), 
@@ -6729,27 +6554,12 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ } typedef struct - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; -} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t; - -typedef struct - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - A_transpose[2U][2U]; -} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t; - -typedef struct - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___s { - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t snd; -} 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__; static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; @@ -6760,19 +6570,20 @@ static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { } static void -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } typedef struct PortableHash____2size_t_s { 
@@ -6819,7 +6630,7 @@ static inline void shake128_squeeze_three_blocks___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6835,7 +6646,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], @@ -6873,7 +6684,7 @@ static inline void shake128_squeeze_block___2size_t( } static inline bool -sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( +sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6889,7 +6700,7 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe .end = r * (size_t)24U + (size_t)24U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); size_t sampled = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( uu____0, Eurydice_array_to_subslice( (size_t)272U, out[i1], 
@@ -6913,10 +6724,10 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVe return done; } -static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( +static libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( int16_t s[272U]) { - return from_i16_array__libcrux_ml_kem_vector_portable_PortableVector( + return from_i16_array__libcrux_ml_kem_vector_portable_vector_type_PortableVector( Eurydice_array_to_subslice((size_t)272U, s, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)256U}), @@ -6925,9 +6736,9 @@ closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct } static inline void -sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; 
@@ -6939,7 +6750,7 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_504size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_504size_t( uu____1, sampled_coefficients, out); while (true) { if (done) { 
@@ -6950,36 +6761,36 @@ sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); done = - sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_PortableVector_2size_t_168size_t( + sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_168size_t( uu____2, sampled_coefficients, out); } } int16_t uu____3[2U][272U]; memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, ret0[i] = - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t0( uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static inline void -sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( +sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U][2U]) { - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; @@ -6992,9 +6803,9 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sampled[2U]; - sample_from_xof__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_from_xof__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( uu____1, sampled); for ( size_t i = (size_t)0U; 
@@ -7002,13 +6813,13 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; 
@@ -7020,16 +6831,16 @@ sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_ha ret, A_transpose, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); } typedef struct - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector fst[2U]; uint8_t snd; -} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t; +} __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t; static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { 
@@ -7044,25 +6855,26 @@ static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_slice randomness) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0; uu____0 = - sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_PortableVector( + sample_from_binomial_distribution_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( randomness); return uu____0; } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - 
re_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + re_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -7076,84 +6888,86 @@ sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcru PRFxN___2size_t_192size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_3size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_PortableVector( + ntt_binomially_sampled_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } static inline void 
-add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_PortableVector, Eurydice_slice), - libcrux_ml_kem_vector_portable_PortableVector, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; - libcrux_ml_kem_vector_portable_PortableVector uu____0 = - libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( self->coefficients[i0], &rhs->coefficients[i0]); self->coefficients[i0] = uu____0; } } static inline void -compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( 
*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = matrix_A[i1]; for ( size_t i = (size_t)0U; 
@@ -7161,48 +6975,50 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - matrix_element, &s_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + matrix_element, &s_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - add_standard_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_standard_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } static void 
-closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret0[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); memcpy( ret, ret0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__ -generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ 
+generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -7213,77 +7029,77 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____2 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____2.snd; uint8_t uu____3[33U]; memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____3, domain_separator) .fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A[2U][2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - 
closure__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; A[i1][j] = A_transpose[j][i1];);); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[2U]; memcpy( uu____4, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U][2U]; memcpy( uu____5, A, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t pk; memcpy( pk.t_as_ntt, uu____4, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret[32U]; 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], 
@@ -7295,48 +7111,110 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux pk.A_transpose, uu____5, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6[2U]; memcpy( uu____6, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t sk; memcpy( sk.secret_as_ntt, uu____6, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return (CLITERAL( - __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__){ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__){ .fst = sk, .snd = pk}); } +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + 
Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[800U]; 
+ serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { - 
__libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_PortableVector___2size_t__ + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ uu____0 = - generate_keypair_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( key_generation_seed); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t sk = uu____0.fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_800size_t( + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____1, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - 
serialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t( + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( sk.secret_as_ntt, secret_key_serialized); uint8_t uu____2[768U]; memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); @@ -7348,14 +7226,6 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h return lit; } -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, @@ -7417,7 +7287,7 @@ serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___ } libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t -libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( +libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( (size_t)64U, randomness, 
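Review bot: The new `libcrux_ml_kem_ind_cca_generate_keypair_unpacked__…` function passes secret material through several stack temporaries that are never cleared before return: the unpacked private key is copied as `uu____0.fst` → `ind_cpa_private_key` → `uu____2` → `lit.private_key`, and the implicit-rejection seed as `dst` → `ret` → `lit.implicit_rejection_value`, on top of the by-value return of the large `lit` struct, so several stale copies of `secret_as_ntt` and the rejection seed remain on the stack after the call. This appears to be Eurydice-extracted C, so the remedy belongs in the Rust source or the extraction pipeline rather than a hand edit of this file, but the limitation should be stated where C callers will see it, for example above the function: `/* Generated code: the unpacked private key and the implicit-rejection seed pass through stack temporaries that are not zeroized; callers must not assume secret material is wiped on return. */`. The existing packed `generate_keypair__…` path in the same hunk shows the same copy pattern (`sk = uu____0.fst`, `secret_key_serialized`, `uu____2`), so this is not introduced by the commit, but the unpacked API now hands the caller a struct that holds the secret in NTT form for as long as the caller keeps it, which is worth documenting alongside the wipe caveat.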
@@ -7430,7 +7300,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); 
@@ -7458,41 +7328,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; 
@@ -7506,14 +7341,15 @@ static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + error_1[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -7527,26 +7363,26 @@ sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_m PRFxN___2size_t_128size_t(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); lit.snd = domain_separator; return lit; } 
@@ -7561,58 +7397,60 @@ static inline void PRF___2size_t_128size_t(Eurydice_slice input, } static inline void -invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_PortableVector(&zeta_i, - re); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_2__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_3__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &zeta_i, re); + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_PortableVector( + invert_ntt_at_layer_4_plus__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &zeta_i, re, (size_t)7U); - poly_barrett_reduce__libcrux_ml_kem_vector_portable_PortableVector(re); + 
poly_barrett_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + re); } static inline void -compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector ( +compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ( *a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector result[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + result[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for ( size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U], size_t); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *row = a_as_ntt[i1]; for ( size_t i = (size_t)0U; 
@@ -7620,62 +7458,65 @@ compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - a_element, &r_as_ntt[j]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + a_element, &r_as_ntt[j]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1], &product); } - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result[i1]); - add_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( &result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &t_as_ntt[i0], 
&r_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - add_message_error_reduce__libcrux_ml_kem_vector_portable_PortableVector( + add_message_error_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( error_2, message, result); return result; } static void -compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector input[2U], Eurydice_slice out) { for ( 
@@ -7684,13 +7525,13 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice( out, @@ -7699,7 +7540,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t .end = (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U)}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t_320size_t( + compress_then_serialize_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t_320size_t( &re, ret); core_slice___Slice_T___copy_from_slice( uu____0, 
@@ -7709,126 +7550,212 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t } static void -encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____1 = - sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + sample_vector_cbd_then_ntt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t + __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t__uint8_t uu____3 = - sample_ring_element_cbd__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( + sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_128size_t_2size_t( uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[2U]; memcpy( error_1, uu____3.fst, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; PRF___2size_t_128size_t( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_2 = - sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + 
sample_from_binomial_distribution__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[2U]; - compute_vector_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message_as_ring_element = - deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_PortableVector( + deserialize_then_decompress_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = compute_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - 
compress_then_serialize_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_640size_t_10size_t_320size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_640size_t_10size_t_320size_t( uu____5, Eurydice_array_to_subslice( (size_t)768U, ciphertext, (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = (size_t)640U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____6 = v; - compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t_128size_t( + compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_128size_t( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, 
+ LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[768U]; + memcpy(uu____3, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void 
+deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + static void -encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( 
+encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_PortableVector_768size_t_2size_t( + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from( public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, false, A_transpose); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[2U]; memcpy( uu____0, t_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1[2U][2U]; memcpy( uu____1, A_transpose, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t public_key_unpacked; memcpy( public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret1[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); 
@@ -7839,20 +7766,20 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct public_key_unpacked.A_transpose, uu____1, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t *uu____2 = &public_key_unpacked; uint8_t uu____3[32U]; memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret2[768U]; - encrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, randomness, ret2); memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t 
randomness[32U]) { uint8_t to_hash[64U]; @@ -7893,7 +7820,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( 
@@ -7914,50 +7841,16 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto } static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); -} - -static inline void -deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( +deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO__libcrux_ml_kem_vector_portable_PortableVector();); + u_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, 
@@ -7978,106 +7871,217 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2si LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u__libcrux_ml_kem_vector_portable_PortableVector_10size_t( + ntt_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_10size_t( &u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector -compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *secret_as_ntt, - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - result = ZERO__libcrux_ml_kem_vector_portable_PortableVector(); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + result = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - product = ntt_multiply__libcrux_ml_kem_vector_portable_PortableVector( - &secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + product = + ntt_multiply__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result, &product);); - invert_ntt_montgomery__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + invert_ntt_montgomery__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &result); result = - subtract_reduce__libcrux_ml_kem_vector_portable_PortableVector(v, result); + subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + v, result); return result; } static void -decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; - deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_10size_t( + deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector - v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_PortableVector_4size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + v = deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = - compute_message__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message__libcrux_ml_kem_vector_portable_PortableVector( + compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + 
libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + 
libcrux_ml_kem_utils_into_padded_array___800size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, 
(size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + static void -decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_PortableVector_2size_t( + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0[2U]; memcpy( uu____0, secret_as_ntt, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__2size_t + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[32U]; - decrypt_unpacked__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( &secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -8102,7 +8106,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( 
@@ -8143,7 +8147,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____5, uu____6, pseudorandomness, expected_ciphertext); Eurydice_slice uu____7 = libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c1c24d4b6..4003dc617 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_mlkem_portable_H 
@@ -27,313 +27,381 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - -typedef struct libcrux_ml_kem_vector_portable_PortableVector_s { +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_PortableVector; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_zero(void); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ZERO( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO( void); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_from_i16_array(Eurydice_slice array); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___from_i16_array( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___from_i16_array( Eurydice_slice array); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___add( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___sub( - libcrux_ml_kem_vector_portable_PortableVector lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_multiply_by_constant( 
- libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___cond_subtract_3329( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_MULTIPLIER ((int32_t)20159) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_BARRETT_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -int16_t libcrux_ml_kem_vector_barrett_reduce_element(int16_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___barrett_reduce( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT (16U) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -#define LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_MONTGOMERY_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -int16_t libcrux_ml_kem_vector_montgomery_reduce_element(int32_t value); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value); -int16_t libcrux_ml_kem_vector_montgomery_multiply_fe_by_fer(int16_t fe, - int16_t fer); +int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t c); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t r); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -uint8_t 
libcrux_ml_kem_vector_compress_message_coefficient(uint16_t fe); +uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector libcrux_ml_kem_vector_compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___compress_1( - libcrux_ml_kem_vector_portable_PortableVector v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v); -uint32_t libcrux_ml_kem_vector_get_n_least_significant_bits(uint8_t n, - uint32_t value); +uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value); -int16_t libcrux_ml_kem_vector_compress_ciphertext_coefficient( +int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector 
a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta0, +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, int16_t zeta1); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector v, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_PortableVector a, int16_t zeta); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); typedef struct K___int16_t_int16_t_s { int16_t fst; int16_t snd; } K___int16_t_int16_t; -K___int16_t_int16_t libcrux_ml_kem_vector_ntt_multiply_binomials( +K___int16_t_int16_t libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( K___int16_t_int16_t _, K___int16_t_int16_t _0, int16_t zeta); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t 
zeta1, int16_t zeta2, int16_t zeta3); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___ntt_multiply( - libcrux_ml_kem_vector_portable_PortableVector *lhs, - libcrux_ml_kem_vector_portable_PortableVector *rhs, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void libcrux_ml_kem_vector_serialize_1( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_1( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_1(Eurydice_slice v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_1( +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_1( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_4( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_4( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_4(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_4( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_4( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_5( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_5( - libcrux_ml_kem_vector_portable_PortableVector 
a, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_5(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_5( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_5( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_10( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_10( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_10(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector 
-libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_10( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_10( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_11( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_11( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_11(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_11( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_11( Eurydice_slice a); -void libcrux_ml_kem_vector_serialize_12( - libcrux_ml_kem_vector_portable_PortableVector v, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
v, + uint8_t ret[24U]); -void libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___serialize_12( - libcrux_ml_kem_vector_portable_PortableVector a, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_deserialize_12(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___deserialize_12( +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( Eurydice_slice a); -size_t libcrux_ml_kem_vector_rej_sample(Eurydice_slice a, - Eurydice_slice result); +size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( + Eurydice_slice a, Eurydice_slice result); size_t -libcrux_ml_kem_vector___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__PortableVector___rej_sample( +libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___rej_sample( Eurydice_slice a, Eurydice_slice out); -libcrux_ml_kem_vector_portable_PortableVector -libcrux_ml_kem_vector_portable___core__clone__Clone_for_libcrux_ml_kem__vector__portable__PortableVector___clone( - libcrux_ml_kem_vector_portable_PortableVector *self); +libcrux_ml_kem_vector_portable_vector_type_PortableVector 
+libcrux_ml_kem_vector_portable_vector_type___core__clone__Clone_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___clone( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *self); typedef struct - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_s { - libcrux_ml_kem_vector_portable_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector; typedef struct - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A_transpose[4U][4U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + 
libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector secret_as_ntt[3U]; -} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; typedef struct - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector t_as_ntt[3U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; -} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; +} 
libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[2U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A_transpose[2U][2U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; typedef struct - libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t_s { - libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + 
libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t private_key; - libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t public_key; uint8_t public_key_hash[32U]; uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_PortableVector__3size_t; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 8c30c04e5..3f2613c81 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2d157e392..3c4230c09 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,2034 +1,111 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" #include "internal/libcrux_core.h" -static inline core_core_arch_x86___m256i zero(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static inline core_core_arch_x86___m256i _veor5q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)1, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)63, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vrax1q_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = 
a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_x86___m256i rotate_left1_and_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_x86___m256i _vbcaxq_u64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -static inline core_core_arch_x86___m256i and_not_xor( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_x86___m256i _veorq_n_u64( - core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -static inline core_core_arch_x86___m256i xor_constant( - core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - a[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - a[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = uu____1; - ret[2U] = uu____2; - ret[3U] = Eurydice_slice_subslice(a[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, - Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = - core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; - lit.fst[0U] = 
out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ -split_at_mut_n(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t -new__core_core_arch_x86___m256i_4size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + 
(size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % 
(size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - 
load_block___136size_t(uu____0, uu____1); -} - -static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)41, x, 
core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)23, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)18, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)46, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static 
inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)10, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)54, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)45, x, core_core_arch_x86___m256i); - return 
libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)19, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)62, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)2, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( - core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)6, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)58, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( - core_core_arch_x86___m256i 
a, core_core_arch_x86___m256i b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)15, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)49, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)61, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)3, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)28, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)36, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)55, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)9, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i)); -} - -static inline 
core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)21, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)43, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static 
inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)27, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)37, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)20, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)44, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( 
- core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)39, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)25, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)8, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)56, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( - core_core_arch_x86___m256i x) { - core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( - (int32_t)14, x, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( - 
(int32_t)50, x, core_core_arch_x86___m256i)); -} - -static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_x86___m256i uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_x86___m256i uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_x86___m256i uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_x86___m256i c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____4, uu____5, 
uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_x86___m256i uu____22 = - 
xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_x86___m256i uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_x86___m256i uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____29; - core_core_arch_x86___m256i uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_x86___m256i uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_x86___m256i uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - 
s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_x86___m256i uu____0 = and_not_xor( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - size_t i) { - core_core_arch_x86___m256i uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s) { - KRML_MAYBE_FOR24(i, (size_t)0U, (size_t)24U, (size_t)1U, size_t i0 = i; - theta_rho__core_core_arch_x86___m256i_4size_t(s); - pi__core_core_arch_x86___m256i_4size_t(s); - chi__core_core_arch_x86___m256i_4size_t(s); - iota__core_core_arch_x86___m256i_4size_t(s, i0);); -} - -static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice 
blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline void load_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - 
(uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - 
libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; +inline void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - 
Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * 
((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, 
Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = { - uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____4[200U]; - memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____5[200U]; - memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____6[200U]; - memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____7[200U]; - memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - uint8_t ret0[4U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(&s); - uint8_t b[4U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, 
uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - s = new__core_core_arch_x86___m256i_4size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, - ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, - out); - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); - 
core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} 
+ +inline libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - return new__core_core_arch_x86___m256i_4size_t(); -} - -static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( - blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i uu____0 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; - core_core_arch_x86___m256i uu____1 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; - core_core_arch_x86___m256i uu____2 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; - core_core_arch_x86___m256i uu____3 = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice(blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice(blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice(blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice( - (size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice(blocks[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % 
(size_t)5U; - core_core_arch_x86___m256i uu____8 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - s[i0][j0] = uu____8; - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____9 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, - .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____10 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____10, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____11 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____11, - Eurydice_slice_subslice( - blocks[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____12 = Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____12, - Eurydice_slice_subslice( - blocks[3U], 
- (CLITERAL(core_ops_range_Range__size_t){ - .start = start + (size_t)8U, .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - core_core_arch_x86___m256i uu____13 = - libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - s[i][j] = uu____13; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -inline void -libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, 
(size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - core_core_arch_x86___m256i(*uu____1)[5U] = s->st; - uint8_t uu____2[4U][200U]; - memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_x86___m256i_4size_t(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[2U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice(out[3U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)32U * i0, - .end = (size_t)32U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - 
Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)8U, .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U, .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - 
uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice((size_t)32U, u8s, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)24U, .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); - Eurydice_slice uu____6 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice((size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____8 = Eurydice_slice_subslice( - out[2U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + 
(size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____8, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, - .end = (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____9 = Eurydice_slice_subslice( - out[3U], - (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, - .end = start + (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____9, - Eurydice_array_to_subslice( - (size_t)32U, u8s0, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, - .end = (size_t)32U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - keccakf1600__core_core_arch_x86___m256i_4size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - store_block___168size_t0(s->st, out); + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, 
Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); +} + +inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL 
abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out[4U]) { - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); - K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); - squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( - s, buf); +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { + Prims_string buf[1U] = { + "not implemented: The target architecture does not support neon " + "instructions."}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); + 
core_fmt_rt_Argument ret[0U]; + core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); + LowStar_Ignore_ignore( + core_fmt__core__fmt__Arguments__a__2__new_v1( + uu____0, Eurydice_array_to_slice( + (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), + core_fmt_Arguments, void *); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 0df37341c..9ef69a0a4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_avx2_H 
@@ -15,38 +15,32 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState4; + +libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, - Eurydice_slice data3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, + Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *s, - Eurydice_slice out0, 
Eurydice_slice out1, Eurydice_slice out2, - Eurydice_slice out3); + libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, + Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 19ea68a29..df62eb1e3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_internal_H @@ -877,11 +877,13 @@ static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( static inline void libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { - KRML_MAYBE_FOR24(i, (size_t)0U, (size_t)24U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); - libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0);); + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_pi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_chi__uint64_t_1size_t(s); + libcrux_sha3_generic_keccak_iota__uint64_t_1size_t(s, i0); + } } static inline void diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h index a0a03d28e..818e0acac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h 
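Review bot: Every incremental SHAKE128 x4 entry point declared in this hunk now aborts at runtime on an x86 build: the header makes `libcrux_sha3_avx2_x4_incremental_KeccakState4` a pair of NEON `uint64x2_t` Keccak states and includes `libcrux_sha3_neon.h`, and the matching definitions in `libcrux_sha3_avx2.c` (the preceding hunk, whose start lies before this chunk) replace the former `_m256i` implementations of `shake128_init`, `absorb_final`, `squeeze_next_block` and `squeeze_first_three_blocks` with a bare `KRML_HOST_EXIT(255U)` behind the message "not implemented: The target architecture does not support neon instructions.". Since the old AVX2 code path was dropped rather than gated, this looks like the extraction was run with the NEON fallback selected for the AVX2 module — a `cfg`/feature-selection issue on the Rust side or in the eurydice invocation, not something to hand-patch in the generated C. I would regenerate after confirming the AVX2 target selection and add a build/link check that calls `libcrux_sha3_avx2_x4_incremental_shake128_absorb_final` on x86 so a regenerated panic stub fails CI instead of shipping as the ML-KEM SHAKE backend.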
+++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_libcrux_ml_kem_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8f1181f36..667d7904c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,187 +1,2887 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #include "libcrux_sha3_neon.h" #include "internal/libcrux_core.h" -inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice 
input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline libcrux_sha3_neon_x2_incremental_KeccakState2 +static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( + 
core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = Eurydice_slice_subslice(a[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, + Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ +split_at_mut_n(Eurydice_slice 
a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + 
core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + 
core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t(uu____0, uu____1); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___36int32_t_28int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + 
uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___3int32_t_61int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___41int32_t_23int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, 
core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___18int32_t_46int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___1int32_t_63int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t 
b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___44int32_t_20int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___10int32_t_54int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t 
+_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___45int32_t_19int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___2int32_t_62int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___62int32_t_2int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___6int32_t_58int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + 
uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___43int32_t_21int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___15int32_t_49int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, 
core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___61int32_t_3int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___28int32_t_36int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___55int32_t_9int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___25int32_t_39int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t 
+rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___21int32_t_43int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___56int32_t_8int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return 
_vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___27int32_t_37int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___20int32_t_44int32_t( + 
core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___39int32_t_25int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline 
core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___8int32_t_56int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate___14int32_t_50int32_t( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + 
s->st[4U][3U]); + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + 
xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + 
core_core_arch_arm_shared_neon_uint64x2_t uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_arm_shared_neon_uint64x2_t uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_arm_shared_neon_uint64x2_t uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_arm_shared_neon_uint64x2_t uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_arm_shared_neon_uint64x2_t uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], + void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( + i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + size_t i) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void +keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); + } +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___72size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void 
load_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___72size_t(uu____0, buf); +} + +static inline void load_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)72U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___72size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t 
(*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + 
uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___72size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___72size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___72size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___72size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + 
core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___72size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___72size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___72size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___72size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void 
+keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o0); + 
core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( + s, o1); + } + } +} + +static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___72size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + 
libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t 
blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / 
(size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = 
core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice 
out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___136size_t_6uint8_t(uu____0, buf); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t 
blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, 
core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( + s, o1); + } + } +} + +static inline void 
keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( + uu____0, out); +} + +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2___136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - 
KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -inline void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); +} + +static inline void load_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + 
core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block_full___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___168size_t(uu____0, buf); +} + +static inline void load_block_full___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % 
(size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} 
+ +static inline void store_block___168size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___168size_t0(s->st, out); +} + +static inline void +squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o0); + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + 
memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o1); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( + s, buf); +} + +static inline void load_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t 
uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + 
core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___144size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___144size_t(uu____0, buf); +} + +static inline void load_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, 
blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)144U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___144size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - 
(size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___144size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___144size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + 
memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___144size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___144size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___144size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___144size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___144size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___144size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + 
absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( + s, o1); + } + } +} + +static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + 
memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___144size_t_6uint8_t(uu____0, buf); +} + +static inline void load_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_intrinsics_arm64__veorq_u64( + uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t ret[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst0, ret); + uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); + u[0U] = uu____4; + uint8_t ret0[8U]; + core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( + dst, ret0); + uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); + u[1U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = uu____6; + } +} + +static inline void load_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t(uu____0, uu____1); +} + +static inline void +absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block___104size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void load_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, + Eurydice_slice)}; + load_block___104size_t(uu____0, buf); +} + +static inline void load_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; 
+ memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 6U; + blocks[i0][(size_t)104U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; + uint8_t uu____2[2U][200U]; + memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full___104size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); +} + +static inline void store_block___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + 
libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U * i0, + .end = (size_t)16U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice( + (size_t)16U, u, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___104size_t( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t 
ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block___104size_t(uu____0, buf); + uint8_t uu____2[200U]; + memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + uint8_t ret0[2U][200U]; + store_block_full___104size_t(a, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +} + +static inline void +squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full___104size_t0(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___104size_t0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block___104size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); + store_block___104size_t0(s->st, out); +} + +static inline void +squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s, + Eurydice_slice out[2U]) { + keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); + uint8_t b[2U][200U]; + store_block_full___104size_t0(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice 
ret[2U]; + slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, out); + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____4 = split_at_mut_n(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ + uu____5 = split_at_mut_n(o1, (size_t)104U); + Eurydice_slice o[2U]; + 
memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + &s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( + s, o1); + } + } +} + +static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( + uu____0, out); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice uu____1 = digest; + Eurydice_slice buf[2U] = { + uu____1, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2___104size_t_6uint8_t(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 51e3b941a..f8b0db637 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice + --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: 0e2a116d KaRaMeL version: 018dcd1d */ #ifndef __libcrux_sha3_neon_H @@ -17,6 +17,11 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); 
@@ -24,24 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState2; - -libcrux_sha3_neon_x2_incremental_KeccakState2 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, - Eurydice_slice data1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, - Eurydice_slice out1); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t + *s, + Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 2caa820c5..5c2874097 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -4,6 +4,7 @@ use super::{ constants::*, ind_cca::*, types::{unpacked::*, *}, + vector::traits::VectorType, *, }; 
@@ -51,9 +52,9 @@ pub type MlKem1024PublicKey = MlKemPublicKey; pub type MlKem1024KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 1024 Public key -pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 1024 Key pair -pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 107726ffa..d4ceacd5e 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -3,6 +3,7 @@ use super::{ constants::*, ind_cca::*, types::{unpacked::*, *}, + vector::traits::VectorType, *, }; @@ -48,9 +49,9 @@ pub type MlKem512PublicKey = MlKemPublicKey; pub type MlKem512KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 512 Public key -pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 512 Key pair -pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 66b05dfd6..752ecd146 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -5,6 +5,7 @@ use super::{ constants::*, ind_cca::*, types::{unpacked::*, *}, + vector::traits::VectorType, *, }; 
@@ -51,9 +52,9 @@ pub type MlKem768PublicKey = MlKemPublicKey; pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; +pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; +pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. macro_rules! instantiate { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index b58c244ce..35e9f91ea 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -3,10 +3,6 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R -/// Internal vectors. -/// -/// Used in the unpacked API. - pub trait Operations: Copy + Clone { #[allow(non_snake_case)] fn ZERO() -> Self; @@ -84,3 +80,10 @@ pub fn to_unsigned_representative(a: T) -> T { pub fn decompress_1(v: T) -> T { T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) } + +/// Internal vectors. +/// +/// Used in the unpacked API. +pub trait VectorType: Operations {} + +impl VectorType for T {} \ No newline at end of file From aff58bb8957c370ed8788325f5089fd3f9c105a6 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 27 Jun 2024 16:13:31 +0200 Subject: [PATCH 15/31] added documentation --- libcrux-ml-kem/src/lib.rs | 1 + libcrux-ml-kem/src/mlkem1024.rs | 13 ++++++++++++- libcrux-ml-kem/src/mlkem512.rs | 13 ++++++++++++- libcrux-ml-kem/src/mlkem768.rs | 13 ++++++++++++- libcrux-ml-kem/src/types.rs | 6 +++--- 5 files changed, 40 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index 2a431fdb5..4f90b23b8 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs 
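Review bot: The blanket `impl VectorType for T {}` (bounded on `Operations`, as far as the stripped generics show) means `VectorType` adds no constraint beyond `Operations`, so if the intent is to stop downstream crates from plugging their own vector backend into the unpacked API this does not achieve it — both traits are `pub`. If that is the goal, a sealed-trait pattern (a private supertrait in a private module) is needed; if not, the doc should say so explicitly so nobody later relies on it as a boundary, e.g. `/// Marker for the vector backends usable with the unpacked API. Implemented for every `Operations` type, so it adds no constraint of its own.` The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which is worth fixing while touching it.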
@@ -40,6 +40,7 @@ #![forbid(unsafe_code)] #![warn(rust_2018_idioms, unused_lifetimes, unused_qualifications)] #![allow(clippy::needless_range_loop)] +#![warn(missing_docs)] #[cfg(feature = "std")] extern crate std; diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 5c2874097..bbd35db05 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -59,6 +59,7 @@ pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked { + /// Provides $modp implementations of ML-KEM 1024 pub mod $modp { use super::*; use $p as p; @@ -150,7 +151,7 @@ macro_rules! instantiate { >(private_key, ciphertext) } - // Unpacked API + /// Generate ML-KEM 1024 Key Pair in "unpacked" form pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem1024KeyPairUnpacked<$vec> { @@ -165,6 +166,11 @@ macro_rules! instantiate { >(randomness) } + /// Encapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked<$vec>`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem1024PublicKeyUnpacked<$vec>, public_key_hash: &[u8], @@ -187,6 +193,11 @@ macro_rules! instantiate { >(public_key, public_key_hash, randomness) } + /// Decapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked<$vec>`] + /// and an [`MlKem1024Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem1024KeyPairUnpacked<$vec>, ciphertext: &MlKem1024Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index d4ceacd5e..7fb1972ad 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs 
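Review bot: `#![warn(missing_docs)]` by itself never fails a build, so public items added after this commit without docs will only warn unless CI compiles with `-D warnings`, which I cannot see from here. Since the crate already uses the stricter `#![forbid(unsafe_code)]`, consider `#![deny(missing_docs)]` once the remaining items in this series are documented, or add a short comment next to the attribute stating that CI treats warnings as errors so the intent is recorded.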
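Review bot: The new doc comment on `encapsulate_unpacked` names `public_key_hash` but does not state its contract, and that matters because the parameter is an unchecked `&[u8]` the caller is trusted to get right. It must be exactly the value held in the key pair's `public_key_hash` field (the SHA3-256 of the serialized public key computed at key generation); a wrong or truncated value is folded into the derived shared secret and ciphertext without any error, so the peer's decapsulation will silently disagree. I would add: `/// `public_key_hash` must be the 32-byte SHA3-256 hash of the serialized public key, as stored in [`MlKem1024KeyPairUnpacked`]; neither the unpacked key nor the hash is validated here.` The last clause reflects the wrapper signature forwarding the slice unchanged — confirm the inner `p::encapsulate_unpacked` does not re-derive or check it before committing to that wording.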
@@ -56,6 +56,7 @@ pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked { + /// Provides $modp implementations of ML-KEM 512 pub mod $modp { use super::*; use $p as p; @@ -145,7 +146,7 @@ macro_rules! instantiate { >(private_key, ciphertext) } - // Unpacked API + /// Generate ML-KEM 512 Key Pair in "unpacked" form pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem512KeyPairUnpacked<$vec> { @@ -160,6 +161,11 @@ macro_rules! instantiate { >(randomness) } + /// Encapsulate ML-KEM 512 (unpacked) + /// + /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked<$vec>`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem512PublicKeyUnpacked<$vec>, public_key_hash: &[u8], @@ -182,6 +188,11 @@ macro_rules! instantiate { >(public_key, public_key_hash, randomness) } + /// Decapsulate ML-KEM 512 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked<$vec>`] + /// and an [`MlKem512Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem512KeyPairUnpacked<$vec>, ciphertext: &MlKem512Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 752ecd146..b5af6ef11 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -59,6 +59,7 @@ pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked { + /// Provides $modp implementations of ML-KEM 768 pub mod $modp { use super::*; use $p as p; @@ -148,7 +149,7 @@ macro_rules! instantiate { >(private_key, ciphertext) } - // Unpacked API + /// Generate ML-KEM 768 Key Pair in "unpacked" form pub fn generate_key_pair_unpacked( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKem768KeyPairUnpacked<$vec> { 
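Review bot: `/// Generate ML-KEM 512 Key Pair in "unpacked" form` in the mlkem512.rs hunk replaces the old `// Unpacked API` marker but says nothing about the randomness requirement or about what the caller now holds, which matters more than for the packed API because the unpacked key pair keeps the secret key polynomials (and presumably the implicit-rejection seed) as live in-memory structures rather than an opaque byte array. Suggest: `/// Generate an ML-KEM 512 key pair in "unpacked" (already deserialized) form. `randomness` must be [`KEY_GENERATION_SEED_SIZE`] bytes from a cryptographically secure RNG; the returned [`MlKem512KeyPairUnpacked<$vec>`] contains the secret key and must be handled as secret material.` The 768 hunk on this line and the 1024 one earlier in the patch want the same text.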
@@ -163,6 +164,11 @@ macro_rules! instantiate { >(randomness) } + /// Encapsulate ML-KEM 768 (unpacked) + /// + /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked<$vec>`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem768PublicKeyUnpacked<$vec>, public_key_hash: &[u8], @@ -185,6 +191,11 @@ macro_rules! instantiate { >(public_key, public_key_hash, randomness) } + /// Decapsulate ML-KEM 768 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked<$vec>`] + /// and an [`MlKem768Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem768KeyPairUnpacked<$vec>, ciphertext: &MlKem768Ciphertext, diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index a3003f64a..3722f48d3 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -196,19 +196,19 @@ pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; /// An unpacked ML-KEM Private Key - pub struct MlKemPrivateKeyUnpacked { + pub(crate) struct MlKemPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } /// An unpacked ML-KEM Public Key - pub struct MlKemPublicKeyUnpacked { + pub(crate) struct MlKemPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], pub(crate) A_transpose: [[PolynomialRingElement; K]; K], } /// An unpacked ML-KEM KeyPair - pub struct MlKemKeyPairUnpacked { + pub(crate) struct MlKemKeyPairUnpacked { pub private_key: MlKemPrivateKeyUnpacked, pub public_key: MlKemPublicKeyUnpacked, pub public_key_hash: [u8; 32], From 870bee29d1278c5954a6143d5807ec353f908f3d Mon Sep 17 00:00:00 2001 
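Review bot: The types.rs hunk narrows `MlKemPrivateKeyUnpacked`, `MlKemPublicKeyUnpacked` and `MlKemKeyPairUnpacked` to `pub(crate)` while the `pub type MlKem*KeyPairUnpacked` aliases and the `pub fn generate_key_pair_unpacked`/`encapsulate_unpacked`/`decapsulate_unpacked` added elsewhere in this patch still return or accept them, which puts a crate-private type in a public signature; depending on the toolchain that is the `private_interfaces` lint or error E0446, and external callers can only hold the value opaquely. Making the public-key struct unconstructible from outside is a sound choice, since it prevents a caller from assembling `t_as_ntt`/`seed_for_A`/`A_transpose` that disagree with each other, but then the `pub` on the three `MlKemKeyPairUnpacked` fields is dead visibility and the intent should be stated: `/// An unpacked ML-KEM key pair. Crate-private on purpose: obtain it from `generate_key_pair_unpacked` and treat it as secret material; it is never constructed from caller-supplied parts.` If the opposite was intended (an unpacked API usable outside the crate), the structs need to stay `pub` and the field visibility needs a deliberate decision.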
From: Karthikeyan Bhargavan Date: Thu, 27 Jun 2024 18:20:04 +0200 Subject: [PATCH 16/31] fmt --- libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 4 ++-- libcrux-ml-kem/src/mlkem768.rs | 3 +-- libcrux-ml-kem/src/vector/traits.rs | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index fac81b0f8..0982be033 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -223,7 +223,7 @@ macro_rules! instantiate { } /// Encapsulate ML-KEM 1024 (unpacked) - /// + /// /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked<$vec>`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index ba54d9838..d51966346 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -218,7 +218,7 @@ macro_rules! instantiate { } /// Encapsulate ML-KEM 512 (unpacked) - /// + /// /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked<$vec>`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -271,7 +271,7 @@ macro_rules! instantiate { ETA2_RANDOMNESS_SIZE, IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) - } + } } }; } diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index e30f06a04..cdcd329f6 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs 
@@ -221,7 +221,7 @@ macro_rules! instantiate { } /// Encapsulate ML-KEM 768 (unpacked) - /// + /// /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked<$vec>`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -275,7 +275,6 @@ macro_rules! instantiate { IMPLICIT_REJECTION_HASH_INPUT_SIZE, >(private_key, ciphertext) } - } }; } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 35e9f91ea..8c5c865bb 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -86,4 +86,4 @@ pub fn decompress_1(v: T) -> T { /// Used in the unpacked API. pub trait VectorType: Operations {} -impl VectorType for T {} \ No newline at end of file +impl VectorType for T {} From a74573adde32d875efd74ee820e8ff10a76aba21 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 27 Jun 2024 18:20:57 +0200 Subject: [PATCH 17/31] regenerated c code --- libcrux-ml-kem/c/internal/libcrux_core.h | 6 - .../c/internal/libcrux_mlkem_neon.h | 46 + .../c/internal/libcrux_mlkem_portable.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 34 + libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 16 + libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 135 ++ libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 63 + libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 12 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 33 + libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 16 + libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2143 ++++++++++++----- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 75 + libcrux-ml-kem/c/libcrux_mlkem_portable.c | 316 ++- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 62 - libcrux-ml-kem/c/libcrux_sha3_avx2.h | 1 - 15 files changed, 2201 insertions(+), 769 deletions(-) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9356f2178..030dedf41 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -15,12 +15,6 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -extern void core_fmt_rt__core__fmt__rt__Argument__a__1__none( - core_fmt_rt_Argument *x0); - -extern core_fmt_Arguments core_fmt__core__fmt__Arguments__a__2__new_v1( - Eurydice_slice x0, Eurydice_slice x1); - #define CORE_NUM__U32_8__BITS (32U) static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 8915c212b..0fa6c3eb7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h 
@@ -20,15 +20,30 @@ extern "C" { bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -36,15 +51,30 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -52,15 +82,31 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index de51029f0..5b8a23af3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -41,7 +41,7 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect Eurydice_slice public_key_hash, uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); @@ -50,7 +50,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -72,7 +72,7 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect Eurydice_slice public_key_hash, uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); @@ -81,7 +81,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -103,7 +103,7 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect Eurydice_slice public_key_hash, uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index b7cd6975a..70e9f3eb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -17,6 +17,17 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -28,6 +39,20 @@ libcrux_ml_kem_mlkem1024_neon_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -36,6 +61,15 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index a4ee49a6d..0aa5bc675 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h 
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_neon.h" +#include "libcrux_mlkem_neon.h" void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 46ec1bb1b..d7fc45875 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c 
@@ -29,6 +29,28 @@ void libcrux_ml_kem_mlkem512_neon_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -51,6 +73,34 @@ libcrux_ml_kem_mlkem512_neon_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + 
libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { @@ -68,6 +118,24 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( 
@@ -97,6 +165,15 @@ bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_11 public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -106,6 +183,20 @@ libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -117,6 +208,16 @@ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184 uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -132,6 +233,15 @@ bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_15 public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -141,6 +251,20 @@ libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -152,6 +276,17 @@ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568 uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 869fc7a62..2968c1436 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -14,6 +14,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_neon.h" void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, 
@@ -25,6 +26,18 @@ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -35,6 +48,18 @@ libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); @@ -42,6 +67,14 @@ libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___2size_t_768size_t_ libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]); + bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key); 
@@ -52,15 +85,30 @@ libcrux_ml_kem_mlkem512_neon_validate_public_key( bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -68,15 +116,30 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___3size_t_2400size_t bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 284cbe901..866b2b88e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -14,7 +14,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___2size_t_1632si libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -58,7 +58,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___2size_t_768size_t_8 libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____0, uu____1); } @@ -204,7 +204,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___4size_t_1568size_t_ libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -224,7 +224,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___4size_t_3168si libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -274,7 +274,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate___3size_t_1088size_t_ libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -292,7 +292,7 @@ void libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate___3size_t_2400si libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index eccf2c366..b55fc536e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c 
@@ -16,6 +16,16 @@ void libcrux_ml_kem_mlkem768_neon_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, @@ -27,6 +37,20 @@ libcrux_ml_kem_mlkem768_neon_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; 
@@ -35,6 +59,15 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 1c5ff9ad4..dc8d0b97f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h 
@@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_neon.h" +#include "libcrux_mlkem_neon.h" void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 3f1c6d45c..17106bb15 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c 
@@ -1670,7 +1670,7 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD static inline void serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - key[3U], + *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for ( @@ -1708,7 +1708,7 @@ serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size static inline void serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[3U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -1716,16 +1716,9 @@ serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); uint8_t ret0[1152U]; serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), 
@@ -1747,12 +1740,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( uu____0, @@ -1763,6 +1751,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t__; + static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( 
@@ -2607,8 +2603,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -2621,10 +2633,10 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -2658,6 +2670,16 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m t_as_ntt[3U]; compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____4[3U]; memcpy( 
@@ -2665,27 +2687,51 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____5[3U]; + uu____5[3U][3U]; memcpy( - uu____5, secret_as_ntt, + uu____5, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + pk; + memcpy( + pk.t_as_ntt, uu____4, (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + 
(size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6[3U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t__){ + .fst = sk, .snd = pk}); } static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -2696,6 +2742,92 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[1184U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___3size_t__ + uu____0 = + 
generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t_1184size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1152size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1152U]; + memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____2, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -2798,54 +2930,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_ uu____4)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U 
* - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -3622,23 +3706,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_S } static void -encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -3682,7 +3753,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u[3U]; compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3691,7 +3762,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____5[3U]; 
@@ -3715,104 +3786,264 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -static inline void -kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( - Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness, 
uint8_t, Eurydice_slice), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); uint8_t hashed[64U]; G___3size_t( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - 
encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1088U]; + memcpy(uu____3, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____4 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( - uu____4); - uint8_t shared_secret_array[32U]; - kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( - shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); return lit; } -static inline core_core_arch_arm_shared_neon_uint32x4_t 
-decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, - core_core_arch_arm_shared_neon_uint32x4_t); - return decompressed1; -} - -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < 
core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + 
sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[3U][3U]; + memcpy( + uu____1, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [3U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1088U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + 
public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; 
+ memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t___10int32_t(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + core_core_arch_arm_shared_neon_uint32x4_t decompressed1 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, + core_core_arch_arm_shared_neon_uint32x4_t); + return decompressed1; +} + +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); core_core_arch_arm_shared_neon_uint32x4_t low00 = 
@@ -4225,65 +4456,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_ty return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - 
(CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector subtract_reduce__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4361,8 +4533,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128V } static void -decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u_as_ntt[3U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_10size_t( 
@@ -4372,14 +4546,10 @@ decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector message = compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( message, ret0); 
@@ -4400,7 +4570,164 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( + uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + 
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + re = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__neon__vector_type__SIMD128Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + 
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[32U]; + 
decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -4532,7 +4859,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD12 static inline void serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - key[4U], + *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for ( @@ -4570,7 +4897,7 @@ serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size static inline void serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[4U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
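Review bot: `libcrux_ml_kem_ind_cca_decapsulate_unpacked__…` trusts every field of `*key_pair` — `private_key`, `public_key`, `public_key_hash` and `implicit_rejection_value` — with no check that they belong together, and the FO transform hides any inconsistency: a stale `public_key_hash` or a `public_key` that does not correspond to `private_key` makes the constant-time compare fail on every call, so the caller silently receives the implicit-rejection secret instead of an error. Since this is Eurydice-extracted C, the fix belongs in the Rust `decapsulate_unpacked`: document that an `MlKemKeyPairUnpacked` must come unmodified from `generate_keypair_unpacked` (or an equivalent unpack routine), e.g. `/// All fields of `key_pair` must be mutually consistent (`public_key_hash == H(pk)`); a mismatch is indistinguishable from a rejected ciphertext.`, and keep a test that compares `public_key_hash` against `H(serialize_public_key(...))` for generated keys. The stack buffers `decrypted`, `hashed` and `implicit_rejection_shared_secret` are not cleared on return, which matches the packed path; whether zeroisation is a goal for this code I cannot tell from the diff.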
@@ -4578,16 +4905,9 @@ serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); uint8_t ret0[1536U]; serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -4609,12 +4929,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( uu____0, 
@@ -4625,6 +4940,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t__; + static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( 
@@ -5123,8 +5446,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); 
@@ -5137,10 +5476,10 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -5174,6 +5513,16 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m t_as_ntt[4U]; compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____4[4U]; memcpy( 
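Review bot: The new loop `A[i1][j] = A_transpose[j][i1];` builds the transpose of the keygen matrix (sampled with `transpose = true` a few lines above), and in the next hunk that `A` is stored in the field named `pk.A_transpose` — so the field holds the opposite layout from the local `A_transpose` it sits next to, and nothing in the generated code records that `encrypt_unpacked__…` expects the `transpose = false` layout the old `encrypt__…` sampled for itself. If the two layouts were ever swapped, the re-encryption inside decapsulation would mismatch on every call and the FO transform would turn that into a silent implicit rejection rather than a visible failure, assuming the `transpose` flag of `sample_matrix_A` is a pure transposition. Please add a comment at the Rust site of this transposition, e.g. `// encrypt consumes A as sampled with transpose=false; keygen sampled A^T, so transpose before storing it in the unpacked public key`, and keep an unpacked encaps→decaps round-trip test (or KAT) so a layout mismatch cannot hide behind implicit rejection. The enclosing `generate_keypair_unpacked__…` continues past this hunk.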
@@ -5181,27 +5530,51 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____5[4U]; + uu____5[4U][4U]; + memcpy( + uu____5, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + 
(size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6[4U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t__){ + .fst = sk, .snd = pk}); } static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -5212,6 +5585,92 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[1568U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___4size_t__ + uu____0 = + 
generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1536size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[1536U]; + memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____2, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
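Review bot: The packed `generate_keypair__…` now routes through `generate_keypair_unpacked__…` and then reads only `sk.secret_as_ntt`, `pk.t_as_ntt` and `pk.seed_for_A`; the K×K `A` matrix that the unpacked path transposes and copies into `pk.A_transpose` (and again through the by-value return of the pair) is built and discarded on every packed key generation. For ML-KEM-1024 that is 16 ring elements transposed plus two full-struct `memcpy`s — a cost the previous code did not pay, and it is baked into the extracted C. If the packed path is meant to stay lean, have the Rust `generate_keypair` call the shared CPA core through a helper that skips materialising `A`, or note in the Rust source that the extra work is accepted. Also, `sk` is returned by value, so `secret_as_ntt` now exists in at least three stack copies (`uu____6`, `sk`, the returned pair) before serialization, none of them cleared; the old code had fewer copies, so if stack hygiene matters here this is a regression to flag.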
@@ -5314,54 +5773,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_ uu____4)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U 
* - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -5623,23 +6034,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_S } static void -encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
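Review bot: `encrypt_unpacked__…` now takes `t_as_ntt` and `A_transpose` straight from `*public_key`, so the `deserialize_ring_elements_reduced` step the removed lines performed — the only place on this path where the public key's coefficients were reduced modulo q before use — is gone, and nothing visible here reduces or range-checks the struct contents. For keys produced by `generate_keypair_unpacked__…` that is fine, but an `MlKemPublicKeyUnpacked` filled in by a caller from peer-supplied bytes would reach `compute_vector_u`/`compute_ring_element_v` with unreduced coefficients; I cannot see from this diff whether an unpack routine elsewhere performs the reduction. Please make the Rust `encrypt_unpacked` state the precondition, e.g. `/// `public_key.t_as_ntt` must hold reduced coefficients (as produced by `deserialize_ring_elements_reduced`) and `A_transpose` must be the matrix derived from `seed_for_A`.`, and ensure whatever constructs an unpacked key from serialized bytes goes through the reduced deserializer and the existing `validate_public_key`. The body of `encrypt_unpacked__…` continues past this hunk.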
@@ -5683,7 +6081,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u[4U]; compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5692,7 +6090,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____5[4U]; 
@@ -5716,6 +6114,166 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1568U]; + memcpy(uu____3, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, 
(size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; + 
uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[4U][4U]; + memcpy( + uu____1, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [4U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[1568U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); +} + static inline void kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { 
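Review bot: `libcrux_ml_kem_ind_cca_encapsulate_unpacked…` accepts `public_key_hash` as a bare slice that nothing binds to `*public_key`, and no validation of the unpacked key is visible anywhere on this path; the packed path goes through `libcrux_ml_kem_ind_cca_validate_public_key…` (deserialize, re-serialize, compare) before the key is used, whereas an unpacked struct handed in directly skips that encoding check. The only constraint on `public_key_hash` is the `copy_from_slice` into the upper half of `to_hash`, which, following the Rust semantics this C was extracted from, presumably panics on a length mismatch rather than returning an error. Because this file is Eurydice output, the change belongs in the generating Rust source: carry the hash inside the unpacked public-key type (the keypair type already has `public_key_hash`) so it is computed once from the serialized key, and document the precondition, e.g. `/// public_key_hash must be H(serialized form of *public_key); unpacked keys built from untrusted bytes must pass validate_public_key on the packed form first.`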
@@ -5884,42 +6442,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_neon_vector_ty return uu____0; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
@@ -5947,8 +6469,10 @@ compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( } static void -decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u_as_ntt[4U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_11size_t( @@ -5958,14 +6482,10 @@ decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector message = compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( message, ret0); 
@@ -5986,65 +6506,200 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice 
implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &key_pair->private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; G___4size_t( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, - to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array___1600size_t( + Eurydice_array_to_slice((size_t)32U, 
key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, + uu____2, libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void 
+deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t( + secret_key, secret_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; PRF___4size_t_32size_t( 
Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); @@ -6119,7 +6774,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD12 static inline void serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - key[2U], + *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for ( @@ -6157,7 +6812,7 @@ serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size static inline void serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[2U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -6165,16 +6820,9 @@ serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); uint8_t ret0[768U]; serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), 
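Review bot: The re-added packed `decrypt__…` in this hunk copies the deserialized secret polynomials two more times — into `uu____0` and then into `secret_key_unpacked.secret_as_ntt` — before calling `decrypt_unpacked…`, and none of the stack copies is cleared on return; the removed `decrypt__` kept a single `secret_as_ntt` local. Not a new class of issue, but the refactor multiplies the secret-bearing stack footprint on the decapsulation path, and `generate_keypair_unpacked…` (the `@@ -6679` and `@@ -6737` hunks) does the same for `secret_as_ntt`, staging it through a `uu____6` temporary and a by-value struct return. Since this is extracted C, the place to address it is the generating Rust: pass the unpacked private key by reference into the decryption routine instead of constructing a temporary by value, or zeroize the temporary before it goes out of scope. `libcrux_ml_kem_ind_cca_decapsulate_unpacked…` itself looks sound as far as this hunk shows: it re-encrypts with `&key_pair->public_key` and picks between `shared_secret` and `implicit_rejection_shared_secret` through the constant-time compare/select helpers.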
@@ -6196,12 +6844,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( uu____0, @@ -6212,6 +6855,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_neon_vect (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + snd; +} __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t__; + static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( 
@@ -6679,8 +7330,24 @@ compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static void +closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + memcpy( + ret, ret0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -6693,10 +7360,10 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret0); sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - ret, true, A_transpose); + ret0, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, prf_input); @@ -6730,6 +7397,16 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m t_as_ntt[2U]; compute_As_plus_e__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + A[i1][j] = A_transpose[j][i1];);); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____4[2U]; memcpy( 
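Review bot: In the `@@ -6730` hunk the matrix built as `A[i1][j] = A_transpose[j][i1]` is named `A`, yet it is the value that ends up in the unpacked public key's `A_transpose` field (next hunk), while the packed `encrypt__…` fills that same field from `sample_matrix_A(…, false, …)`; the two sources agree only because keygen samples with the transpose flag set and then transposes back. That inversion is easy to break silently — a swapped index here would desynchronize keys produced by `generate_keypair_unpacked…` from keys unpacked from bytes, with no test in this diff catching it. A one-line comment in the generating Rust source would help, e.g. `// A_transpose in the unpacked key holds the matrix as encrypt samples it (transpose = false), i.e. the transpose of the keygen sample.` `generate_keypair_unpacked…` starts in the previous hunk and ends after this one.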
@@ -6737,27 +7414,51 @@ generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_m (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____5[2U]; + uu____5[2U][2U]; + memcpy( + uu____5, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(pk.seed_for_A, ret, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A_transpose, uu____5, + (size_t)2U * + 
sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____6[2U]; + memcpy( + uu____6, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + sk; + memcpy( + sk.secret_as_ntt, uu____6, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t__){ + .fst = sk, .snd = pk}); } static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -6768,6 +7469,92 @@ static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[800U]; + 
serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector___2size_t__ + uu____0 = + 
generate_keypair_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_3size_t_192size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + pk = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + *uu____1 = pk.t_as_ntt; + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____2[768U]; + memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____3[800U]; + memcpy(uu____3, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____2, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____3, (size_t)800U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -6870,54 +7657,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_neon_vector_type_ uu____4)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U 
* - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; 
@@ -7157,23 +7896,10 @@ compress_then_serialize_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_ } static void -encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -7217,7 +7943,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u[2U]; compute_vector_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A_transpose, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7226,7 +7952,7 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v = compute_ring_element_v__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____5[2U]; 
@@ -7250,6 +7976,166 @@ encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_has memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[768U]; + memcpy(uu____3, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, 
(size_t)2U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; + uint8_t 
ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t( + ret0, false, A_transpose); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____1[2U][2U]; + memcpy( + uu____1, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret1[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret1); + memcpy(public_key_unpacked.seed_for_A, ret1, (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A_transpose, uu____1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + [2U])); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *uu____2 = &public_key_unpacked; + uint8_t uu____3[32U]; + memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret2[768U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, randomness, ret2); + memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); +} + static inline void kdf__libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { 
@@ -7374,42 +8260,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vec libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
@@ -7437,8 +8287,10 @@ compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( } static void -decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector u_as_ntt[2U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_10size_t( @@ -7448,14 +8300,10 @@ decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_ Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector message = compute_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( message, ret0); 
@@ -7476,6 +8324,141 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t( + Eurydice_array_to_slice((size_t)32U, 
key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void 
+deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t( + secret_key, secret_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_libcrux_ml_kem_hash_functions_neon_Simd128Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 0d427dbd8..0d54abb73 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -293,6 +293,81 @@ typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[3U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[3U][3U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[4U]; +} 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[4U][4U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + secret_as_ntt[2U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + A_transpose[2U][2U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector__2size_t; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index a0938d9bb..716972238 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -1691,72 +1691,61 @@ libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_ inline size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option__Eurydice_slice_uint8_t uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next( - &iter, uint8_t, core_option_Option__Eurydice_slice_uint8_t); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - int16_t uu____8 = d1; - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - uu____8; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + size_t i0 = 
i; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + int16_t uu____7 = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + uu____7; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; } - continue; } + continue; } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; } } } 
@@ -3842,6 +3831,18 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect return lit; } +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( Eurydice_slice public_key, 
@@ -3940,13 +3941,30 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -3980,20 +3998,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_P public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; 
@@ -4547,7 +4564,7 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568s memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4592,7 +4609,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, 
@@ -4605,10 +4622,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___4size_t_32size_t( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); @@ -4622,10 +4639,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -5904,6 +5930,18 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect return lit; } +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( Eurydice_slice public_key, 
@@ -6002,13 +6040,30 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6042,20 +6097,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_P public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; 
@@ -6349,7 +6403,7 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088s memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -6393,7 +6447,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, 
@@ -6406,10 +6460,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___3size_t_32size_t( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); @@ -6423,10 +6477,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -7680,6 +7743,18 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect return lit; } +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( Eurydice_slice public_key, 
@@ -7778,13 +7853,30 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, 
LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -7818,20 +7910,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_P public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types_MlKemCiphertext____768size_t ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; 
@@ -8081,7 +8172,7 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768si memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { @@ -8126,7 +8217,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, 
@@ -8139,10 +8230,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___2size_t_32size_t( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); @@ -8156,10 +8247,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 3c4230c09..dfb3d485f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -7,24 +7,10 @@ #include "libcrux_sha3_avx2.h" -#include "internal/libcrux_core.h" - inline void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -32,18 +18,6 @@ inline void libcrux_sha3_avx2_x4_shake256( inline libcrux_sha3_avx2_x4_incremental_KeccakState4 libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); 
@@ -52,18 +26,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_init(void) { inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -72,18 +34,6 @@ inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); 
@@ -93,18 +43,6 @@ inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Prims_string buf[1U] = { - "not implemented: The target architecture does not support neon " - "instructions."}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)1U, buf, Prims_string, Eurydice_slice); - core_fmt_rt_Argument ret[0U]; - core_fmt_rt__core__fmt__rt__Argument__a__1__none(ret); - LowStar_Ignore_ignore( - core_fmt__core__fmt__Arguments__a__2__new_v1( - uu____0, Eurydice_array_to_slice( - (size_t)0U, ret, core_fmt_rt_Argument, Eurydice_slice)), - core_fmt_Arguments, void *); KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9ef69a0a4..259c6bb54 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -14,7 +14,6 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" #include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, From 3d5027405016aa97d94b9418aa54a07bcc9bfdb3 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 27 Jun 2024 18:24:02 +0200 Subject: [PATCH 18/31] fixed test --- libcrux-ml-kem/c/tests/mlkem768.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index c44f3f8bc..0d0f74558 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc 
@@ -214,7 +214,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest) auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), randomness2); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, @@ -362,7 +362,7 @@ TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, From 8bbbcba3fc1a138e27d32807b9a5ea861f0cae2f Mon Sep 17 00:00:00 2001 
From: karthikbhargavan
Date: Mon, 1 Jul 2024 12:35:09 +0200
Subject: [PATCH 19/31] avx2 C code refresh
---
 libcrux-ml-kem/c/benches/mlkem768.cc | 4 +-
 libcrux-ml-kem/c/code_gen.txt | 4 +-
 libcrux-ml-kem/c/internal/libcrux_core.h | 58 +-
 .../c/internal/libcrux_mlkem_avx2.h | 49 +-
 .../c/internal/libcrux_mlkem_portable.h | 6 +-
 libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +-
 .../c/internal/libcrux_sha3_internal.h | 6 +-
 libcrux-ml-kem/c/libcrux_core.c | 48 +-
 libcrux-ml-kem/c/libcrux_core.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 40 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 120 +-
 libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 53 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 +-
 libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1001 ++++--
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 56 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c | 521 ++-
 libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +-
 libcrux-ml-kem/c/libcrux_sha3.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2053 +++++++++++-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c | 2908 +----------------
 libcrux-ml-kem/c/libcrux_sha3_neon.h | 33 +-
 libcrux-ml-kem/c/tests/mlkem768.cc | 2 +-
 35 files changed, 3810 insertions(+), 3317 deletions(-)
diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc
index a49187c7d..ed785ea23 100644
--- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -112,7 +112,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state) for (auto _ : state) { - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); } } @@ -272,7 +272,7 @@ kyber768_decapsulation_avx2_unpacked(benchmark::State &state) for (auto _ : state) { - libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 43e3c72b6..48604c8bf 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: Charon: ae55966c01a1a4b185a1a34da7861ba5db74c8ad Eurydice: bbfd102bbfbc3e4c362953f093dbfd65e2fbc10c -Karamel: 018dcd1d71f37472c517822aa6bd275263a6dcaa -F*: 0e2a116da266fbe1dbb81b414002d0afac6819b3 +Karamel: 42a431696cd32d41155d7e484720eb71fd5dc7b1 +F*: f09228ef9a64ac4ef383ee0e10656ccb612db2ee diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 030dedf41..d5e5f8b43 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_core_H 
@@ -17,7 +17,7 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t x0[4U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) 
@@ -171,10 +171,44 @@ void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, uint8_t ret[64U]); -typedef struct core_option_Option__Eurydice_slice_uint8_t_s { - core_option_Option__size_t_tags tag; - Eurydice_slice f0; -} core_option_Option__Eurydice_slice_uint8_t; +typedef struct + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]); + +typedef struct + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]); + +typedef struct + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]); typedef struct 
core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { @@ -190,10 +224,10 @@ void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_arr int16_t ret[16U]); typedef struct - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t__s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t__s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 7adb3d146..e14ef2137 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_mlkem_avx2_H 
@@ -36,7 +36,7 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256V Eurydice_slice public_key_hash, uint8_t randomness[32U]); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); 
@@ -45,39 +45,70 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIM *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
-libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + +void 
libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + 
+K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 5b8a23af3..5e2ca3cbb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 38b5afdff..01c4ca99c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 0363128b2..8e4e0d5a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __internal_libcrux_sha3_internal_H 
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 02b9b7bfd..8f159af51 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_core.h" 
@@ -338,6 +338,48 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void core_result__core__result__Result_T__E___unwrap__int16_t_16size_t__core_array_TryFromSliceError( core_result_Result__int16_t_16size_t__core_array_TryFromSliceError self, int16_t ret[16U]) { diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 8bccd9104..8479cc61a 100644 
--- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 035bc1287..aecc7ff99 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 4fd0afc3d..04ea37d53 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem1024_avx2.h" 
@@ -17,6 +17,17 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, @@ -28,6 +39,20 @@ libcrux_ml_kem_mlkem1024_avx2_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; 
@@ -36,6 +61,15 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4e7116b39..b465cabdb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_avx2_H 
@@ -15,19 +15,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_mlkem512_avx2.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index c59c9ebc7..0b393ce8d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 0eb57183c..83053f5a0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 7277f70d8..e124f3c61 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index a390827f9..ab9f3feb6 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem512_avx2.h" @@ -14,7 +14,7 @@ void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___2size_t_1632size_t libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -29,6 +29,28 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -36,7 +58,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800si libcrux_ml_kem_types_MlKemPublicKey____800size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____0, uu____1); } 
@@ -51,6 +73,34 @@ libcrux_ml_kem_mlkem512_avx2_encapsulate( uu____0, uu____1); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t 
libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { @@ -68,6 +118,24 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( 
@@ -136,7 +204,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___3size_t_1088size_t_1184 libcrux_ml_kem_types_MlKemPublicKey____1184size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } @@ -154,7 +222,7 @@ void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -165,6 +233,15 @@ bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_15 public_key); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -174,6 +251,20 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t uu____0); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____0 = public_key; + Eurydice_slice uu____1 = public_key_hash; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1, uu____2); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -181,16 +272,27 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568 libcrux_ml_kem_types_MlKemPublicKey____1568size_t *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + return libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____0, uu____1); } +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext 
*ciphertext, uint8_t ret[32U]) { uint8_t ret0[32U]; - libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( private_key, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 66b336aa2..f684b4a05 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_avx2_H 
@@ -26,6 +26,18 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + +void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -36,6 +48,18 @@ libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); @@ -43,6 +67,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___2size_t_768size_t_ libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key); 
@@ -84,15 +116,30 @@ void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___3size_t_2400size_t bool libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void 
libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 866b2b88e..c27cc0d51 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 26aca4e8c..d9d834f8f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 7dab3285d..628dcfd94 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 5d6fe8409..65809be08 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem768_avx2.h" @@ -16,7 +16,7 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable( +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 684427ce5..38a9c4719 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_avx2_H @@ -21,7 +21,7 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable( +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 538d1e143..73b415549 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index a78ad166e..d768b8f02 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 1a77b0f60..20c81453e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_mlkem_avx2.h" @@ -618,10 +618,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)1 << 15U, (int16_t)1 << 8U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)1 << 15U); + (int16_t)-32768); core_core_arch_x86___m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); return libcrux_intrinsics_avx2_mm256_srli_epi16( 
@@ -3754,6 +3754,18 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256V return lit; } +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static inline void deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( Eurydice_slice public_key, 
@@ -3851,13 +3863,30 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ret2, (size_t)1088U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, 
@@ -3891,20 +3920,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; 
@@ -4603,7 +4631,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = @@ -4647,7 +4675,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, 
@@ -4660,10 +4688,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___3size_t_32size_t( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); @@ -4677,10 +4705,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( uu____7, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -4806,26 +4843,12 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -typedef struct - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; -} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; - -typedef struct - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; -} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; - typedef struct __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___s { - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + snd; } __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__; static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { 
@@ -5397,7 +5420,8 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t pk; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + pk; memcpy( pk.t_as_ntt, uu____4, (size_t)4U * @@ -5423,7 +5447,8 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t sk; + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + sk; memcpy( sk.secret_as_ntt, uu____6, (size_t)4U * 
@@ -5434,6 +5459,68 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k .fst = sk, .snd = pk}); } +static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + ind_cpa_public_key = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { 
@@ -5441,10 +5528,10 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f uu____0 = generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( key_generation_seed); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t sk = uu____0.fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t pk = - uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + pk = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1568U]; @@ -5466,14 +5553,6 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f return lit; } -static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -5576,41 +5655,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -5858,7 +5902,7 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector static void encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; 
@@ -5937,6 +5981,103 @@ encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[1568U]; + memcpy(uu____3, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static void encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, @@ -5970,7 +6111,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t public_key_unpacked; memcpy( public_key_unpacked.t_as_ntt, uu____0, 
@@ -5989,7 +6130,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [4U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t *uu____2 = &public_key_unpacked; uint8_t uu____3[32U]; memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); 
@@ -5999,13 +6140,30 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ret2, (size_t)1568U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, 
@@ -6039,20 +6197,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; 
@@ -6061,44 +6218,9 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib return lit; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( - Eurydice_slice serialized) { +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +deserialize_then_decompress_ring_element_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_11size_t( + Eurydice_slice serialized) { 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____0; uu____0 = @@ -6207,7 +6329,7 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( static void decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6229,6 +6351,122 @@ decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_14 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static inline void PRF___4size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( + uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static void decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { 
@@ -6243,7 +6481,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, uu____0, @@ -6256,16 +6494,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___4size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -6310,7 +6539,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, @@ -6323,10 +6552,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___4size_t_32size_t( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); 
@@ -6340,10 +6569,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( uu____7, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -6469,26 +6707,12 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -typedef struct - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; -} MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; - -typedef struct - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; -} MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; - typedef struct __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___s { - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + snd; } __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__; static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { 
@@ -7053,7 +7277,8 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t pk; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + pk; memcpy( pk.t_as_ntt, uu____4, (size_t)2U * @@ -7079,7 +7304,8 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t sk; + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + sk; memcpy( sk.secret_as_ntt, uu____6, (size_t)2U * 
@@ -7090,6 +7316,68 @@ generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_k .fst = sk, .snd = pk}); } +static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_sha256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_public_key = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *uu____1 = ind_cpa_public_key.t_as_ntt; + uint8_t pk_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + uu____1, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + uu____2 = ind_cpa_private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + uu____3 = ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + lit; + lit.private_key = uu____2; + lit.public_key = uu____3; + memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + uint8_t ret[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret); + memcpy(lit.implicit_rejection_value, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { 
@@ -7097,10 +7385,10 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f uu____0 = generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( key_generation_seed); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t sk = uu____0.fst; - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t pk = - uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + pk = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[800U]; @@ -7122,14 +7410,6 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f return lit; } -static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -7232,41 +7512,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____4)); } -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; 
@@ -7500,7 +7745,7 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s static void encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; 
@@ -7579,6 +7824,103 @@ encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + Eurydice_slice public_key_hash, uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)64U, to_hash, + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, + uint8_t, size_t, Eurydice_slice), + public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____0.fst; + Eurydice_slice pseudorandomness = uu____0.snd; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____1 = public_key; + uint8_t uu____2[32U]; + memcpy(uu____2, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____1, uu____2, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____3[768U]; + memcpy(uu____3, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____4 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____3); + uint8_t uu____5[32U]; + memcpy(uu____5, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____4; + memcpy(lit.snd, uu____5, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = 
ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static void encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, @@ -7612,7 +7954,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t public_key_unpacked; memcpy( public_key_unpacked.t_as_ntt, uu____0, 
@@ -7631,7 +7973,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector [2U])); - MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t *uu____2 = &public_key_unpacked; uint8_t uu____3[32U]; memcpy(uu____3, message, (size_t)32U * sizeof(uint8_t)); 
@@ -7641,13 +7983,30 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ret2, (size_t)768U * sizeof(uint8_t)); } +static inline void +kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t ret0[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, 
@@ -7681,20 +8040,19 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types_MlKemCiphertext____768size_t ciphertext0 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; 
@@ -7703,41 +8061,6 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib return lit; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline void deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( uint8_t *ciphertext, 
@@ -7808,7 +8131,7 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( static void decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7830,6 +8153,122 @@ decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static inline void PRF___2size_t_32size_t(Eurydice_slice input, + uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &key_pair->private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t( + Eurydice_array_to_slice((size_t)32U, key_pair->implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____3 = &key_pair->public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( + uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + Eurydice_slice uu____6 = shared_secret; + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + uu____6, + 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + static void decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { 
@@ -7844,7 +8283,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, uu____0, @@ -7857,16 +8296,7 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -static inline void PRF___2size_t_32size_t(Eurydice_slice input, - uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { 
@@ -7911,7 +8341,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice shared_secret = uu____3.fst; + Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, @@ -7924,10 +8354,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; + uint8_t implicit_rejection_shared_secret0[32U]; PRF___2size_t_32size_t( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); 
@@ -7941,10 +8371,19 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( uu____7, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____8 = shared_secret; + uint8_t implicit_rejection_shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( + shared_secret0, shared_secret); + Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, + uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____8, + uu____9, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 3096b4862..a7354a89c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 22425a93 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem_avx2_H 
@@ -311,6 +311,56 @@ typedef struct uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[4U][4U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + 
libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A_transpose[2U][2U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + public_key; + uint8_t public_key_hash[32U]; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 716972238..2b77f5361 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -44,6 +44,521 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 
255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 
255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 
7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 
12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 
255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 
255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 
255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 
3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 
255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 
255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 
255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 4003dc617..5b8523397 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_mlkem_portable_H 
@@ -27,6 +27,10 @@ extern "C" { #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3f2613c81..06eaedd42 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index dfb3d485f..10b22fbaa 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -1,49 +1,2036 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -inline void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +static inline core_core_arch_x86___m256i zero(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static inline core_core_arch_x86___m256i _veor5q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +static inline core_core_arch_x86___m256i xor5(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +static inline core_core_arch_x86___m256i rotate_left___1int32_t_63int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)1, x, 
core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)63, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vrax1q_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, rotate_left___1int32_t_63int32_t(b)); +} + +static inline core_core_arch_x86___m256i rotate_left1_and_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static inline core_core_arch_x86___m256i _vbcaxq_u64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +static inline core_core_arch_x86___m256i and_not_xor( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static inline core_core_arch_x86___m256i _veorq_n_u64( + core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +static inline core_core_arch_x86___m256i xor_constant( + core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +static inline core_core_arch_x86___m256i xor0(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static inline void slice_4(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0 = Eurydice_slice_subslice( + a[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice 
uu____1 = Eurydice_slice_subslice( + a[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + a[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + ret[0U] = uu____0; + ret[1U] = uu____1; + ret[2U] = uu____2; + ret[3U] = Eurydice_slice_subslice(a[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + len}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice); +} + +static inline void slice_n(Eurydice_slice a[4U], size_t start, size_t len, + Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____3 = + core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +static inline K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ +split_at_mut_n(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t +new__core_core_arch_x86___m256i_4size_t(void) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + lit; + lit.st[0U][0U] = zero(); + lit.st[0U][1U] = zero(); + lit.st[0U][2U] = zero(); + lit.st[0U][3U] = zero(); + lit.st[0U][4U] = zero(); + lit.st[1U][0U] = zero(); + lit.st[1U][1U] = zero(); + lit.st[1U][2U] = zero(); + lit.st[1U][3U] = zero(); + lit.st[1U][4U] = zero(); + lit.st[2U][0U] = zero(); + lit.st[2U][1U] = zero(); + lit.st[2U][2U] = zero(); + lit.st[2U][3U] = zero(); + lit.st[2U][4U] = zero(); + lit.st[3U][0U] = zero(); + lit.st[3U][1U] = zero(); + lit.st[3U][2U] = zero(); + lit.st[3U][3U] = zero(); + lit.st[3U][4U] = zero(); + lit.st[4U][0U] = zero(); + lit.st[4U][1U] = zero(); + lit.st[4U][2U] = zero(); + lit.st[4U][3U] = zero(); + lit.st[4U][4U] = zero(); + return lit; +} + +static inline void load_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = 
(size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + 
libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + 
(CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + 
(size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 
= + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } +} + +static inline void load_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t(uu____0, uu____1); +} + +static inline core_core_arch_x86___m256i rotate_left___36int32_t_28int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___36int32_t_28int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___36int32_t_28int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___36int32_t_28int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___3int32_t_61int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___3int32_t_61int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___3int32_t_61int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___3int32_t_61int32_t( + 
core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___3int32_t_61int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___41int32_t_23int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)41, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)23, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___41int32_t_23int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___41int32_t_23int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___41int32_t_23int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___18int32_t_46int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)18, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)46, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___18int32_t_46int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___18int32_t_46int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___18int32_t_46int32_t(a, b); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + 
core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___1int32_t_63int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___1int32_t_63int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___1int32_t_63int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___44int32_t_20int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___44int32_t_20int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___44int32_t_20int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___44int32_t_20int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___10int32_t_54int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)10, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)54, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___10int32_t_54int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___10int32_t_54int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___10int32_t_54int32_t( + core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { + return _vxarq_u64___10int32_t_54int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___45int32_t_19int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)45, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)19, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___45int32_t_19int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___45int32_t_19int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___45int32_t_19int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___2int32_t_62int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___2int32_t_62int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___2int32_t_62int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___2int32_t_62int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___62int32_t_2int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = 
libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)62, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)2, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___62int32_t_2int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___62int32_t_2int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___62int32_t_2int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___6int32_t_58int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)6, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)58, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___6int32_t_58int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___6int32_t_58int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___6int32_t_58int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___43int32_t_21int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i)); +} + +static inline 
core_core_arch_x86___m256i _vxarq_u64___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___43int32_t_21int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___43int32_t_21int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___43int32_t_21int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___15int32_t_49int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)15, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)49, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___15int32_t_49int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___15int32_t_49int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___15int32_t_49int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___61int32_t_3int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)61, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)3, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___61int32_t_3int32_t(ab); +} + +static 
inline core_core_arch_x86___m256i xor_and_rotate___61int32_t_3int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___61int32_t_3int32_t(a, b); } -inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +static inline core_core_arch_x86___m256i rotate_left___28int32_t_36int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)28, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)36, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___28int32_t_36int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___28int32_t_36int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___28int32_t_36int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___55int32_t_9int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)55, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)9, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___55int32_t_9int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___55int32_t_9int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___55int32_t_9int32_t(a, b); +} + +static inline 
core_core_arch_x86___m256i rotate_left___25int32_t_39int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___25int32_t_39int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___25int32_t_39int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___25int32_t_39int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___21int32_t_43int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)21, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)43, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___21int32_t_43int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___21int32_t_43int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___21int32_t_43int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___56int32_t_8int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i); + return 
libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___56int32_t_8int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___56int32_t_8int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___56int32_t_8int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___27int32_t_37int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)27, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)37, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___27int32_t_37int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___27int32_t_37int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___27int32_t_37int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___20int32_t_44int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)20, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)44, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___20int32_t_44int32_t( + core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___20int32_t_44int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___20int32_t_44int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___20int32_t_44int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___39int32_t_25int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)39, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)25, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___39int32_t_25int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___39int32_t_25int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___39int32_t_25int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___8int32_t_56int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)8, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)56, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___8int32_t_56int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___8int32_t_56int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___8int32_t_56int32_t( + 
core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___8int32_t_56int32_t(a, b); +} + +static inline core_core_arch_x86___m256i rotate_left___14int32_t_50int32_t( + core_core_arch_x86___m256i x) { + core_core_arch_x86___m256i uu____0 = libcrux_intrinsics_avx2_mm256_slli_epi64( + (int32_t)14, x, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)50, x, core_core_arch_x86___m256i)); +} + +static inline core_core_arch_x86___m256i _vxarq_u64___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left___14int32_t_50int32_t(ab); +} + +static inline core_core_arch_x86___m256i xor_and_rotate___14int32_t_50int32_t( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64___14int32_t_50int32_t(a, b); +} + +static inline void theta_rho__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i uu____0 = + xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]); + core_core_arch_x86___m256i uu____1 = + xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]); + core_core_arch_x86___m256i uu____2 = + xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]); + core_core_arch_x86___m256i uu____3 = + xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]); + core_core_arch_x86___m256i c[5U] = { + uu____0, uu____1, uu____2, uu____3, + xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____4 = + rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____5 = + 
rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____6 = + rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____7 = + rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____4, uu____5, uu____6, uu____7, + rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + core_core_arch_x86___m256i uu____8 = xor0(s->st[0U][0U], t[0U]); + s->st[0U][0U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____18; + 
core_core_arch_x86___m256i uu____19 = + xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____27; + core_core_arch_x86___m256i uu____28 = + xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____28; + core_core_arch_x86___m256i uu____29 = + xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____29; + core_core_arch_x86___m256i uu____30 = + xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____30; + core_core_arch_x86___m256i uu____31 = + xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____31; + core_core_arch_x86___m256i uu____32 = + xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____32; +} + +static inline void pi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i 
old[5U][5U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)5U, s->st, old, core_core_arch_x86___m256i[5U], void *); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +static inline void chi__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + core_core_arch_x86___m256i uu____0 = and_not_xor( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + s->st[i1][j] = uu____0;);); +} + +static inline void iota__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + size_t i) { + core_core_arch_x86___m256i uu____0 = xor_constant( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); + s->st[0U][0U] = uu____0; +} + +static inline void keccakf1600__core_core_arch_x86___m256i_4size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s) { + for (size_t i = (size_t)0U; i < 
(size_t)24U; i++) { + size_t i0 = i; + theta_rho__core_core_arch_x86___m256i_4size_t(s); + pi__core_core_arch_x86___m256i_4size_t(s); + chi__core_core_arch_x86___m256i_4size_t(s); + iota__core_core_arch_x86___m256i_4size_t(s, i0); + } +} + +static inline void absorb_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block___136size_t0(uu____0, uu____1); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void load_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___136size_t(uu____0, buf); +} + +static inline void load_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t(uu____0, uu____1); +} + +static inline void +absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, 
(size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)136U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___136size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +static inline void store_block___136size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + 
[((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + 
libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == 
(size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end 
= start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block_full___136size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = { + uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block___136size_t(uu____0, buf); + uint8_t uu____4[200U]; + memcpy(uu____4, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____5[200U]; + memcpy(uu____5, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____6[200U]; + memcpy(uu____6, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____7[200U]; + memcpy(uu____7, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____4, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____5, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____6, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____7, (size_t)200U * sizeof(uint8_t)); +} + +static inline void store_block_full___136size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + uint8_t ret0[4U][200U]; + store_block_full___136size_t(a, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(uint8_t[200U])); +} + +static inline void 
+squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full___136size_t0(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void store_block___136size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___136size_t(a, b); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___136size_t0(s->st, out); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___136size_t0(s->st, out); +} + +static inline void squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(&s); + uint8_t b[4U][200U]; + store_block_full___136size_t0(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range__size_t lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + 
core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *);); +} + +static inline void +keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + s = new__core_core_arch_x86___m256i_4size_t(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block__core_core_arch_x86___m256i_4size_t_136size_t(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); + absorb_final__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(uu____2, + ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last__core_core_arch_x86___m256i_4size_t_136size_t(&s, + out); + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____4 = split_at_mut_n(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * 
sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o0); + core_ops_range_Range__size_t iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range__size_t, core_ops_range_Range__size_t); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option__size_t) + .tag == core_option_None) { + break; + } else { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ + uu____5 = split_at_mut_n(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_136size_t(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last__core_core_arch_x86___m256i_4size_t_136size_t(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak__core_core_arch_x86___m256i_4size_t_136size_t_31uint8_t(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new__core_core_arch_x86___m256i_4size_t(); +} + +static inline void load_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < 
(size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, 
core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i uu____0 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = uu____0; + core_core_arch_x86___m256i uu____1 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = uu____1; + core_core_arch_x86___m256i uu____2 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = uu____2; + core_core_arch_x86___m256i uu____3 = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = uu____3; + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice(blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + 
(CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice(blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice(blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice( + (size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice(blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start, .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + core_core_arch_x86___m256i uu____8 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = uu____8; + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____9 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, + .end = 
(size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_slice_subslice( + blocks[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____10 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____10, + Eurydice_slice_subslice( + blocks[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____11 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____11, + Eurydice_slice_subslice( + blocks[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____12 = Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____12, + Eurydice_slice_subslice( + blocks[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = start + (size_t)8U, .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + 
Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + core_core_arch_x86___m256i uu____13 = + libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = uu____13; + } } -inline void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static inline void load_block_full___168size_t( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s; + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice); + Eurydice_slice buf[4U] = {uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block___168size_t(uu____0, buf); } -inline void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static inline void load_block_full___168size_t0( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t(uu____0, uu____1); } inline void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - 
libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice( + (size_t)200U, blocks[i0], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = last_len}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], + uint8_t, void *); + blocks[i0][last_len] = 31U; + blocks[i0][(size_t)168U - (size_t)1U] = + (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); + core_core_arch_x86___m256i(*uu____1)[5U] = s->st; + uint8_t uu____2[4U][200U]; + memcpy(uu____2, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full___168size_t0(uu____1, uu____2); + keccakf1600__core_core_arch_x86___m256i_4size_t(s); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3) { + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final__core_core_arch_x86___m256i_4size_t_168size_t_31uint8_t( + s, buf); +} + +static inline void store_block___168size_t(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[0U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[1U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * 
i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[2U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice(out[3U], + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)32U * i0, + .end = (size_t)32U * (i0 + (size_t)1U)}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + Eurydice_slice uu____0 = + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____0, s[i0][j0]); + Eurydice_slice uu____1 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice( + out[1U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)8U, .end = (size_t)16U}), + uint8_t, 
core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)16U, .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start, + .end = start + (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice((size_t)32U, u8s, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)24U, .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8(uu____5, s[i][j]); + Eurydice_slice uu____6 = Eurydice_slice_subslice( + out[0U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice((size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, .end = (size_t)8U}), + uint8_t, core_ops_range_Range__size_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_slice_subslice( + out[1U], + 
(CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, + .end = (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____8 = Eurydice_slice_subslice( + out[2U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____8, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)16U, + .end = (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____9 = Eurydice_slice_subslice( + out[3U], + (CLITERAL(core_ops_range_Range__size_t){.start = start + (size_t)8U, + .end = start + (size_t)16U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____9, + Eurydice_array_to_subslice( + (size_t)32U, u8s0, + (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)24U, + .end = (size_t)32U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice), + uint8_t, void *); + } +} + +static inline void store_block___168size_t0(core_core_arch_x86___m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block___168size_t(a, b); +} + +static inline void +squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + keccakf1600__core_core_arch_x86___m256i_4size_t(s); + store_block___168size_t0(s->st, out); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, buf); +} + +static inline void +squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + store_block___168size_t0(s->st, out); +} + +inline void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out[4U]) { + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____0 = + split_at_mut_n(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o0); + K___Eurydice_slice_uint8_t_4size_t__Eurydice_slice_uint8_t_4size_t_ uu____1 = + split_at_mut_n(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o1); + squeeze_next_block__core_core_arch_x86___m256i_4size_t_168size_t(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3) { + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + 
libcrux_sha3_generic_keccak_squeeze_first_three_blocks__core_core_arch_x86___m256i_4size_t_168size_t( + s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 259c6bb54..b6697bbc7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_avx2_H 
@@ -14,32 +14,39 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +typedef struct + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState4_s { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState4; - -libcrux_sha3_avx2_x4_incremental_KeccakState4 +libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t libcrux_sha3_avx2_x4_incremental_shake128_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice data0, - Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, + Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, 
Eurydice_slice out3); + libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t + *s, + Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, + Eurydice_slice out3); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index df62eb1e3..a32d29910 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 667d7904c..f36816787 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -1,2887 +1,77 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -static inline core_core_arch_arm_shared_neon_uint64x2_t zero(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, 
libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, rotate_left___1int32_t_63int32_t(b)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t rotate_left1_and_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t and_not_xor( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t _veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor_constant( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t xor0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static inline void slice_2(Eurydice_slice a[2U], size_t start, size_t 
len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0 = Eurydice_slice_subslice( - a[0U], - (CLITERAL(core_ops_range_Range__size_t){.start = start, - .end = start + len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - ret[0U] = uu____0; - ret[1U] = Eurydice_slice_subslice(a[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = start, .end = start + len}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice); -} - -static inline void slice_n(Eurydice_slice a[2U], size_t start, size_t len, - Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -static inline K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ -split_at_mut_n(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -static inline libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t 
-new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(void) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - lit; - lit.st[0U][0U] = zero(); - lit.st[0U][1U] = zero(); - lit.st[0U][2U] = zero(); - lit.st[0U][3U] = zero(); - lit.st[0U][4U] = zero(); - lit.st[1U][0U] = zero(); - lit.st[1U][1U] = zero(); - lit.st[1U][2U] = zero(); - lit.st[1U][3U] = zero(); - lit.st[1U][4U] = zero(); - lit.st[2U][0U] = zero(); - lit.st[2U][1U] = zero(); - lit.st[2U][2U] = zero(); - lit.st[2U][3U] = zero(); - lit.st[2U][4U] = zero(); - lit.st[3U][0U] = zero(); - lit.st[3U][1U] = zero(); - lit.st[3U][2U] = zero(); - lit.st[3U][3U] = zero(); - lit.st[3U][4U] = zero(); - lit.st[4U][0U] = zero(); - lit.st[4U][1U] = zero(); - lit.st[4U][2U] = zero(); - lit.st[4U][3U] = zero(); - lit.st[4U][4U] = zero(); - return lit; -} - -static inline void load_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t 
uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t(uu____0, uu____1); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___36int32_t_28int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___36int32_t_28int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___36int32_t_28int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___36int32_t_28int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-_vxarq_u64___3int32_t_61int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___3int32_t_61int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___3int32_t_61int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___3int32_t_61int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___41int32_t_23int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___41int32_t_23int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___41int32_t_23int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___41int32_t_23int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___18int32_t_46int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___18int32_t_46int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___18int32_t_46int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___18int32_t_46int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___1int32_t_63int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___1int32_t_63int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___1int32_t_63int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___1int32_t_63int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___44int32_t_20int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___44int32_t_20int32_t(ab); -} - 
-static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___44int32_t_20int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___44int32_t_20int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___10int32_t_54int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___10int32_t_54int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___10int32_t_54int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___10int32_t_54int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___45int32_t_19int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - 
libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___45int32_t_19int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___45int32_t_19int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___45int32_t_19int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___2int32_t_62int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___2int32_t_62int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___2int32_t_62int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___2int32_t_62int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___62int32_t_2int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - 
core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___62int32_t_2int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___62int32_t_2int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___62int32_t_2int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___6int32_t_58int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___6int32_t_58int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___6int32_t_58int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___6int32_t_58int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-_vxarq_u64___43int32_t_21int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___43int32_t_21int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___43int32_t_21int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___43int32_t_21int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___15int32_t_49int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___15int32_t_49int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___15int32_t_49int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___15int32_t_49int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, 
core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___61int32_t_3int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___61int32_t_3int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___61int32_t_3int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___61int32_t_3int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___28int32_t_36int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___28int32_t_36int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___28int32_t_36int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___28int32_t_36int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t); - return 
libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___55int32_t_9int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___55int32_t_9int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___55int32_t_9int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___55int32_t_9int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___25int32_t_39int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___25int32_t_39int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___25int32_t_39int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___25int32_t_39int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( 
- (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___21int32_t_43int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___21int32_t_43int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___21int32_t_43int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___21int32_t_43int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___56int32_t_8int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___56int32_t_8int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___56int32_t_8int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___56int32_t_8int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - 
core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___27int32_t_37int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___27int32_t_37int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___27int32_t_37int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___27int32_t_37int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___20int32_t_44int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___20int32_t_44int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___20int32_t_44int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___20int32_t_44int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t 
-rotate_left___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___39int32_t_25int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___39int32_t_25int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___39int32_t_25int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___39int32_t_25int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___8int32_t_56int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___8int32_t_56int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___8int32_t_56int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return 
_vxarq_u64___8int32_t_56int32_t(a, b); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -rotate_left___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t x) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t); - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64___14int32_t_50int32_t(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left___14int32_t_50int32_t(ab); -} - -static inline core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate___14int32_t_50int32_t( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64___14int32_t_50int32_t(a, b); -} - -static inline void theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - xor5(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - xor5(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - xor5(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - xor5(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]); - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - uu____0, uu____1, uu____2, uu____3, - xor5(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; 
- core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - rotate_left1_and_xor(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - rotate_left1_and_xor(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - rotate_left1_and_xor(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - rotate_left1_and_xor(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____4, uu____5, uu____6, uu____7, - rotate_left1_and_xor(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor0(s->st[0U][0U], t[0U]); - s->st[0U][0U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate___36int32_t_28int32_t(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate___3int32_t_61int32_t(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate___41int32_t_23int32_t(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate___18int32_t_46int32_t(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate___1int32_t_63int32_t(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate___44int32_t_20int32_t(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate___10int32_t_54int32_t(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____15; - 
core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate___45int32_t_19int32_t(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate___2int32_t_62int32_t(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate___62int32_t_2int32_t(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate___6int32_t_58int32_t(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate___43int32_t_21int32_t(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate___15int32_t_49int32_t(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate___61int32_t_3int32_t(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate___28int32_t_36int32_t(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate___55int32_t_9int32_t(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate___25int32_t_39int32_t(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate___21int32_t_43int32_t(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate___56int32_t_8int32_t(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____27; - core_core_arch_arm_shared_neon_uint64x2_t uu____28 = - xor_and_rotate___27int32_t_37int32_t(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____28; - core_core_arch_arm_shared_neon_uint64x2_t uu____29 = - xor_and_rotate___20int32_t_44int32_t(s->st[1U][4U], t[4U]); - 
s->st[1U][4U] = uu____29; - core_core_arch_arm_shared_neon_uint64x2_t uu____30 = - xor_and_rotate___39int32_t_25int32_t(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____30; - core_core_arch_arm_shared_neon_uint64x2_t uu____31 = - xor_and_rotate___8int32_t_56int32_t(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____31; - core_core_arch_arm_shared_neon_uint64x2_t uu____32 = - xor_and_rotate___14int32_t_50int32_t(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____32; -} - -static inline void pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)5U, s->st, old, core_core_arch_arm_shared_neon_uint64x2_t[5U], - void *); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -static inline void chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; 
KRML_MAYBE_FOR5( - i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - and_not_xor(s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - s->st[i1][j] = uu____0;);); -} - -static inline void iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - size_t i) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = xor_constant( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); - s->st[0U][0U] = uu____0; -} - -static inline void -keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - pi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - chi__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - iota__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s, i0); - } -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___72size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, 
Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___72size_t(uu____0, buf); -} - -static inline void load_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)72U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)72U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___72size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] 
- [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)72U - (size_t)8U, .end = (size_t)72U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - 
(size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___72size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___72size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___72size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___72size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - 
-static inline void store_block___72size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___72size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___72size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___72size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / 
(size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if 
(core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t( - s, o1); - } - } -} - -static inline void keccakx2___72size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_72size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___72size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - 
libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - 
(CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___136size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___136size_t(uu____0, buf); -} - -static inline 
void load_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - 
libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)136U - (size_t)8U, .end = (size_t)136U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = 
(size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___136size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___136size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___136size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___136size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___136size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___136size_t0( - 
core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___136size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___136size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___136size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, 
core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } -} - -static inline void keccakx2___136size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_6uint8_t( - uu____0, out); -} - -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___136size_t_6uint8_t(uu____0, buf); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)136U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)136U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___136size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if 
(blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t( - s, o1); - } - } +inline void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static inline void keccakx2___136size_t_31uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - 
keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_136size_t_31uint8_t( - uu____0, out); +inline void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2___136size_t_31uint8_t(buf0, buf); +inline void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +inline libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); -} - -static inline void load_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); 
- u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block_full___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___168size_t(uu____0, buf); -} - -static inline void load_block_full___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 31U; - blocks[i0][(size_t)168U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)168U - (size_t)1U] | 128U;); - 
core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___168size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t_31uint8_t( - s, buf); -} - -static inline void store_block___168size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / 
(size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)168U - (size_t)8U, .end = (size_t)168U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block___168size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___168size_t(a, b); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___168size_t0(s->st, out); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = 
{out0, out1}; - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___168size_t0(s->st, out); -} - -static inline void -squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____0 = - split_at_mut_n(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o0); - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ uu____1 = - split_at_mut_n(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o1); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_168size_t( - s, buf); -} - -static inline void load_block___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice 
blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, 
core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___144size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void 
load_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___144size_t(uu____0, buf); -} - -static inline void load_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)144U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)144U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___144size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___144size_t( - 
core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, 
core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)144U - (size_t)8U, .end = (size_t)144U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___144size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___144size_t(uu____0, buf); - uint8_t uu____2[200U]; - memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static inline void store_block_full___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___144size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); +inline void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); 
} -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___144size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); +inline void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static inline void store_block___144size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___144size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___144size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - 
libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___144size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - 
absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t( - s, o1); - } - } -} - -static inline void keccakx2___144size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - 
memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_144size_t_6uint8_t( - uu____0, out); +inline void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___144size_t_6uint8_t(uu____0, buf); -} - -static inline void load_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = uu____1; - 
core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]; - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_intrinsics_arm64__veorq_u64( - uu____2, libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = uu____3; - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t ret[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice( - blocks[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst0, ret); - uint64_t uu____4 = core_num__u64_9__from_le_bytes(ret); - u[0U] = uu____4; - uint8_t ret0[8U]; - core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice( - blocks[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_8size_t__core_array_TryFromSliceError( - dst, ret0); - uint64_t uu____5 = core_num__u64_9__from_le_bytes(ret0); - u[1U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - 
libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - s[i][j] = uu____6; - } -} - -static inline void load_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t(uu____0, uu____1); -} - -static inline void -absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block___104size_t0(uu____0, uu____1); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void load_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, - Eurydice_slice)}; - load_block___104size_t(uu____0, buf); -} - -static inline void load_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t(uu____0, uu____1); -} - -static inline void -absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_subslice( - (size_t)200U, blocks[i0], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = last_len}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], - uint8_t, void *); - blocks[i0][last_len] = 6U; - blocks[i0][(size_t)104U - (size_t)1U] = - (uint32_t)blocks[i0][(size_t)104U - (size_t)1U] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____1)[5U] = s->st; - uint8_t uu____2[2U][200U]; - memcpy(uu____2, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full___104size_t0(uu____1, uu____2); - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); -} - -static inline void store_block___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = (size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice(out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)16U * i0, - .end = 
(size_t)16U * (i0 + (size_t)1U)}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_bytes_u64(uu____0, s[i][j]); - Eurydice_slice uu____1 = Eurydice_slice_subslice( - out[0U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice((size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)0U, .end = (size_t)8U}), - uint8_t, core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice( - out[1U], - (CLITERAL(core_ops_range_Range__size_t){ - .start = (size_t)104U - (size_t)8U, .end = (size_t)104U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice( - (size_t)16U, u, - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)8U, - .end = (size_t)16U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice), - uint8_t, void *); - } -} - -static inline void store_block_full___104size_t( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice); - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block___104size_t(uu____0, buf); - uint8_t uu____2[200U]; - 
memcpy(uu____2, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -static inline void store_block_full___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - uint8_t ret0[2U][200U]; - store_block_full___104size_t(a, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(uint8_t[200U])); -} - -static inline void -squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full___104size_t0(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void store_block___104size_t0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block___104size_t(a, b); -} - -static inline void -squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out[2U]) { - 
keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(s); - store_block___104size_t0(s->st, out); -} - -static inline void -squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s, - Eurydice_slice out[2U]) { - keccakf1600__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(&s); - uint8_t b[2U][200U]; - store_block_full___104size_t0(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range__size_t lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range__size_t, - Eurydice_slice), - uint8_t, void *);); -} - -static inline void -keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - s = new__core_core_arch_arm_shared_neon_uint64x2_t_2size_t(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *uu____2 = &s; - Eurydice_slice uu____3[2U]; - 
memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n(uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); - absorb_final__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, out); - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____4 = split_at_mut_n(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o0); - core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( - (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range__size_t, core_ops_range_Range__size_t); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option__size_t) - .tag == core_option_None) { - break; - } else { - K___Eurydice_slice_uint8_t_2size_t__Eurydice_slice_uint8_t_2size_t_ - uu____5 = split_at_mut_n(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - &s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - 
squeeze_last__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t( - s, o1); - } - } -} - -static inline void keccakx2___104size_t_6uint8_t(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak__core_core_arch_arm_shared_neon_uint64x2_t_2size_t_104size_t_6uint8_t( - uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } inline void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice uu____1 = digest; - Eurydice_slice buf[2U] = { - uu____1, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2___104size_t_6uint8_t(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f8b0db637..281c9682e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/bhargava/Desktop/repositories/eurydice/eurydice - --config ../c.yaml ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: 0e2a116d KaRaMeL version: 018dcd1d + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL + version: 42a43169 */ #ifndef __libcrux_sha3_neon_H 
@@ -14,14 +14,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -typedef struct - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); 
@@ -29,23 +23,24 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState2_s { + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState2; + +libcrux_sha3_neon_x2_incremental_KeccakState2 libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice data0, Eurydice_slice data1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice data0, + Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_arm_shared_neon_uint64x2_t__2size_t - *s, - Eurydice_slice out0, Eurydice_slice out1); + libcrux_sha3_neon_x2_incremental_KeccakState2 *s, Eurydice_slice out0, + Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index 0d0f74558..f15b3e89d 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc 
@@ -530,7 +530,7 @@ TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); + libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); EXPECT_EQ(0, memcmp(ctxt.snd, From f6b02430a216020f45d0ebbdc79dde7ce9f97465 Mon Sep 17 00:00:00 2001 
From: karthikbhargavan Date: Mon, 1 Jul 2024 13:07:37 +0200 Subject: [PATCH 20/31] refreshed C code, after merging properly and bugfix --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_core.c | 6 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 685 ++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 423 +++++------ libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +- libcrux-ml-kem/c/libcrux_sha3.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 6 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- 34 files changed, 566 insertions(+), 732 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 6d88a77bf..bca2d74da 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt 
@@ -1,5 +1,5 @@ This code was generated with the following tools: -Charon: 23f20c184e51015582b7918ea4f1eb063b28daba -Eurydice: 30fdb50add4dabaee90051878c166bac8c5ac26a +Charon: aeeae1d46704810bf498db552a75dff15aa3abcc +Eurydice: ffeb01ce4cf0646e5cadec836bc042f98b8a16a8 Karamel: 42a431696cd32d41155d7e484720eb71fd5dc7b1 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +F*: f09228ef9a64ac4ef383ee0e10656ccb612db2ee diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index d5e5f8b43..6549197b5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL - version: 42a43169 + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 8ae58ad5a..dc0cf4066 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 042dd41e1..18576f000 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 29a372894..a606239bd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 9a5805f02..ca5e8b6ed 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e73203c44..091e5bb77 100644 
--- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index f4c2f05d1..939357063 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_core_H @@ -128,11 +128,11 @@ typedef struct #define core_result_Err 1 typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 922027378..3f01c2fb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 659c5962c..f1140c1e7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 76195a3a9..5802a064c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index da4373df0..e0068024f 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index f0a4386cc..fec254bc3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f15e2be11..842a6cc17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 72bf0d1f6..e166378c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 5a6ff4247..cf8d7e4eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 266dc9b2b..eb732862e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 56486c02c..e482c081f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e65cbce2d..3ccbc38fd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4af6425f4..c3e2c6ad6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c 
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 49d677e5e..cac649a1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 8a555a67e..f0f14569d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem768_portable.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 8f20409a0..9d91a9204 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 20c81453e..343eb0db1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL - version: 42a43169 + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1749,7 +1749,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -1784,52 +1784,41 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +static inline libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb___3size_t(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } static inline void shake128_squeeze_three_blocks___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][504U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; uint8_t out1[504U] = {0U}; uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, 
Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[504U]; - memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____5[504U]; - memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____6[504U]; - memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } 
@@ -1875,33 +1864,27 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static inline void shake128_squeeze_block___3size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[3U][168U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; uint8_t out1[168U] = {0U}; uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + 
memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -1986,7 +1969,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = shake128_init_absorb___3size_t(uu____0); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks___3size_t(&xof_state, randomness0); 
@@ -2092,32 +2075,24 @@ static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t out1[128U] = {0U}; uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____7[128U]; - memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____8[128U]; - memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____9[128U]; - memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); + 
uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -2731,11 +2706,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); 
@@ -2744,16 +2717,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -2775,24 +2748,22 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[1152U]; - memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____2, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -2876,26 +2847,25 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( - uu____1, + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); + uu____3)); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t 
@@ -3158,10 +3128,11 @@ compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( static core_core_arch_x86___m256i decompress_1__libcrux_ml_kem_vector_avx2_SIMD256Vector( core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(); return libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___bitwise_and_with_constant( libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___ZERO(), - &v), + uu____0, &v), (int16_t)1665); } @@ -3757,13 +3728,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256V static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void 
@@ -3866,13 +3835,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ static inline void kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ @@ -4536,10 +4503,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIM libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -4713,11 +4679,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -4839,7 +4804,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -4874,55 +4839,44 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +static inline libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb___4size_t(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } static inline void shake128_squeeze_three_blocks___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][504U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; uint8_t out1[504U] = {0U}; uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, 
Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[504U]; - memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____5[504U]; - memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____6[504U]; - memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____7[504U]; - memcpy(uu____7, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____7, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } 
@@ -4968,36 +4922,30 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static inline void shake128_squeeze_block___4size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[4U][168U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; uint8_t out1[168U] = {0U}; uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____6[168U]; - memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____7[168U]; - memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + 
memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -5062,7 +5010,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = shake128_init_absorb___4size_t(uu____0); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks___4size_t(&xof_state, randomness0); 
@@ -5168,35 +5116,27 @@ static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t out1[128U] = {0U}; uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____7[128U]; - memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____8[128U]; - memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____9[128U]; - memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); - 
uint8_t uu____10[128U]; - memcpy(uu____10, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____10, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -5488,11 +5428,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); 
@@ -5501,16 +5439,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -5532,24 +5470,22 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[1536U]; - memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____2, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -5633,26 +5569,25 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - uu____1, + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); + uu____3)); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t 
@@ -6034,13 +5969,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256V static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void @@ -6143,13 +6076,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ static inline void kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ 
@@ -6422,10 +6353,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIM libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -6577,11 +6507,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -6703,7 +6632,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -6738,49 +6667,38 @@ closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline libcrux_sha3_avx2_x4_incremental_KeccakState4 +static inline libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb___2size_t(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t state = libcrux_sha3_avx2_x4_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = &state; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - uu____0, uu____1, uu____2, uu____3, + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } static inline void shake128_squeeze_three_blocks___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][504U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; uint8_t out1[504U] = {0U}; uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, 
Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[504U]; - memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____5[504U]; - memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } 
@@ -6826,30 +6744,24 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_avx2_SIMD256Vector_ } static inline void shake128_squeeze_block___2size_t( - libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, - uint8_t ret[2U][168U]) { + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; uint8_t out1[168U] = {0U}; uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; - libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____0 = self; - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____0, uu____1, uu____2, uu____3, + self, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____4[168U]; - memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____5[168U]; - memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } 
@@ -6914,7 +6826,7 @@ sample_from_xof__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_fu int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState4 xof_state = + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = shake128_init_absorb___2size_t(uu____0); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks___2size_t(&xof_state, randomness0); 
@@ -7020,29 +6932,21 @@ static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t out1[192U] = {0U}; uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____7[192U]; - memcpy(uu____7, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____7, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____8[192U]; - memcpy(uu____8, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____8, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + 
uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -7345,11 +7249,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); 
@@ -7358,16 +7260,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIM Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -7389,24 +7291,22 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[768U]; - memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____3[800U]; - memcpy(uu____3, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____2, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -7490,26 +7390,25 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( - uu____1, + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); + uu____3)); } static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], 
@@ -7519,29 +7418,21 @@ static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t out1[128U] = {0U}; uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____1 = - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____7[128U]; - memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____8[128U]; - memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + 
uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -7877,13 +7768,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256V static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void @@ -7986,13 +7875,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ static inline void kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ 
@@ -8224,10 +8111,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIM libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -8379,11 +8265,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e236bde85..fc7e703c7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2b77f5361..09df97566 100644 
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: f09228ef KaRaMeL - version: 42a43169 + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_mlkem_portable.h" @@ -694,7 +694,7 @@ inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { core_ops_range_Range__size_t iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter( + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range__size_t){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), @@ -2517,7 +2517,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -2566,19 +2566,17 @@ static inline PortableHash____4size_t shake128_init_absorb___4size_t( state[i] = libcrux_sha3_portable_incremental_shake128_init();); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[4U]; + &state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____0[4U]; memcpy( - uu____1, state, + uu____0, state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____4size_t lit; memcpy( - lit.shake128_state, uu____1, + lit.shake128_state, uu____0, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; @@ -2589,11 +2587,10 @@ static inline void shake128_squeeze_three_blocks___4size_t( uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } 
@@ -2641,13 +2638,11 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_typ static inline void shake128_squeeze_block___4size_t( PortableHash____4size_t *self, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2835,13 +2830,12 @@ typedef struct static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } 
@@ -3472,11 +3466,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); @@ -3485,16 +3477,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -3516,24 +3508,22 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[1536U]; - memcpy(uu____2, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____2, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -3617,26 +3607,25 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( - uu____1, + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[3168U]; - memcpy(uu____2, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____3168size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____3 = private_key; - uint8_t uu____4[1568U]; - memcpy(uu____4, public_key, (size_t)1568U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___3168size_t_1568size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( - uu____4)); + uu____3)); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t 
@@ -3909,10 +3898,11 @@ compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4siz static libcrux_ml_kem_vector_portable_vector_type_PortableVector decompress_1__libcrux_ml_kem_vector_portable_vector_type_PortableVector( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(); return libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___bitwise_and_with_constant( libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___sub( - libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___ZERO(), - &v), + uu____0, &v), (int16_t)1665); } @@ -4349,13 +4339,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void 
@@ -4459,13 +4447,11 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke static inline void kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ @@ -4983,10 +4969,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1568size_t( uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -5162,11 +5147,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -5289,7 +5273,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -5338,19 +5322,17 @@ static inline PortableHash____3size_t shake128_init_absorb___3size_t( state[i] = libcrux_sha3_portable_incremental_shake128_init();); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[3U]; + &state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____0[3U]; memcpy( - uu____1, state, + uu____0, state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____3size_t lit; memcpy( - lit.shake128_state, uu____1, + lit.shake128_state, uu____0, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; @@ -5361,11 +5343,10 @@ static inline void shake128_squeeze_three_blocks___3size_t( uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } 
@@ -5413,13 +5394,11 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_typ static inline void shake128_squeeze_block___3size_t( PortableHash____3size_t *self, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -5585,13 +5564,12 @@ typedef struct static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } 
@@ -5890,11 +5868,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); @@ -5903,16 +5879,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -5934,24 +5910,22 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[1152U]; - memcpy(uu____2, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____2, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -6035,26 +6009,25 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( - uu____1, + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[2400U]; - memcpy(uu____2, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____2400size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____3 = private_key; - uint8_t uu____4[1184U]; - memcpy(uu____4, public_key, (size_t)1184U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____2400size_t uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___2400size_t_1184size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( - uu____4)); + uu____3)); } static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t 
@@ -6448,13 +6421,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void @@ -6558,13 +6529,11 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke static inline void kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ 
@@ -6845,10 +6814,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___1088size_t( uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -7000,11 +6968,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); @@ -7127,7 +7094,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_B__N___for__Array_A__N____eq( + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } 
@@ -7176,19 +7143,17 @@ static inline PortableHash____2size_t shake128_init_absorb___2size_t( state[i] = libcrux_sha3_portable_incremental_shake128_init();); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &state[i0]; libcrux_sha3_portable_incremental_shake128_absorb_final( - uu____0, Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____1[2U]; + &state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t uu____0[2U]; memcpy( - uu____1, state, + uu____0, state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); PortableHash____2size_t lit; memcpy( - lit.shake128_state, uu____1, + lit.shake128_state, uu____0, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t)); return lit; @@ -7199,11 +7164,10 @@ static inline void shake128_squeeze_three_blocks___2size_t( uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - uu____0, Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } 
@@ -7251,13 +7215,11 @@ sample_from_uniform_distribution_next__libcrux_ml_kem_vector_portable_vector_typ static inline void shake128_squeeze_block___2size_t( PortableHash____2size_t *self, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *uu____0 = - &self->shake128_state[i0]; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - uu____0, Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &self->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -7423,13 +7385,12 @@ typedef struct static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)192U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } 
@@ -7739,11 +7700,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = ind_cpa_public_key.t_as_ntt; uint8_t pk_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( - uu____1, + ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); @@ -7752,16 +7711,16 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable Eurydice_slice), public_key_hash); libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t - uu____2 = ind_cpa_private_key; + uu____1 = ind_cpa_private_key; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t - uu____3 = ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, public_key_hash, (size_t)32U * sizeof(uint8_t)); + uu____2 = ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t lit; - lit.private_key = uu____2; - lit.public_key = uu____3; - memcpy(lit.public_key_hash, uu____4, (size_t)32U * sizeof(uint8_t)); + lit.private_key = uu____1; + lit.public_key = uu____2; + memcpy(lit.public_key_hash, uu____3, (size_t)32U * sizeof(uint8_t)); uint8_t ret[32U]; core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, 
@@ -7783,24 +7742,22 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc sk = uu____0.fst; libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t pk = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - *uu____1 = pk.t_as_ntt; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( - uu____1, + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____2[768U]; - memcpy(uu____2, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____3[800U]; - memcpy(uu____3, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____2, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____3, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -7884,38 +7841,36 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - Eurydice_slice uu____1 = Eurydice_array_to_slice( - (size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( - uu____1, + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____2[1632U]; - memcpy(uu____2, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey____1632size_t private_key = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( - uu____2); - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____3 = private_key; - uint8_t uu____4[800U]; - memcpy(uu____4, public_key, (size_t)800U * sizeof(uint8_t)); + uu____1); + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemKeyPair_PRIVATE_KEY_SIZE__PUBLIC_KEY_SIZE___from___1632size_t_800size_t( - uu____3, + uu____2, libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( - uu____4)); + uu____3)); } static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, 
(size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)128U, out[i0], - uint8_t, Eurydice_slice); - libcrux_sha3_portable_shake256( - uu____0, Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -8261,13 +8216,11 @@ libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vect static inline void entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } static inline void 
@@ -8371,13 +8324,11 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke static inline void kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t ret0[32U]; - core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( - dst, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ @@ -8614,10 +8565,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); - Eurydice_slice uu____6 = shared_secret; uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____6, + shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); 
@@ -8770,11 +8720,10 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t uint8_t shared_secret[32U]; kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( shared_secret0, shared_secret); - Eurydice_slice uu____9 = Eurydice_array_to_slice((size_t)32U, shared_secret, - uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - uu____9, + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), selector, ret0); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 5633a24fe..3d9d6dd32 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7559883ef..1f241406b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_H 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index bcbd6859d..a44befbd7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 0280b1762..c19821a52 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0a2911da7..ed96ae2f9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2fbb85911..72ccf5784 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 9a803b376..0d02ebc7c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: - KaRaMeL version: 42a43169 + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml + -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 344c98709..636a93859 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs 
@@ -279,7 +279,7 @@ macro_rules! instantiate {
 // Instantiations
-instantiate! {portable, ind_cca::instantiations::portable, vector::portable::PortableVector "Portable ML-KEM 512"}
+instantiate! {portable, ind_cca::instantiations::portable, vector::portable::PortableVector, "Portable ML-KEM 512"}
 #[cfg(feature = "simd256")]
 instantiate! {avx2, ind_cca::instantiations::avx2, vector::SIMD256Vector, "AVX2 Optimised ML-KEM 512"}
 #[cfg(feature = "simd128")]
From f592ce34c1b53d05ae82d4fc13332e2bb4e724d5 Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan
Date: Mon, 1 Jul 2024 13:46:15 -0400
Subject: [PATCH 21/31] fixed config flags for unpacked to pre-verification
---
 libcrux-ml-kem/benches/ml-kem.rs | 15 +++--
 libcrux-ml-kem/tests/self.rs | 106 ++++++++++++++++---------------
 2 files changed, 64 insertions(+), 57 deletions(-)
diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs
index d3449a043..5eace9335 100644
--- a/libcrux-ml-kem/benches/ml-kem.rs
+++ b/libcrux-ml-kem/benches/ml-kem.rs
@@ -20,7 +20,7 @@ pub fn comparisons_key_generation(c: &mut Criterion) {
 })
 });
- #[cfg(feature = "simd256")]
+ #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))]
 group.bench_function("libcrux avx2 unpacked (external random)", |b| {
 let mut seed = [0; 64];
 rng.fill_bytes(&mut seed);
@@ -29,7 +29,7 @@ pub fn comparisons_key_generation(c: &mut Criterion) {
 })
 });
- #[cfg(feature = "simd128")]
+ #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))]
 group.bench_function("libcrux neon unpacked (external random)", |b| {
 let mut seed = [0; 64];
 rng.fill_bytes(&mut seed);
@@ -38,6 +38,7 @@ pub fn comparisons_key_generation(c: &mut Criterion) {
 })
 });
+ #[cfg(all(feature = "mlkem768", feature = "pre-verification"))]
 group.bench_function("libcrux portable unpacked (external random)", |b| {
 let mut seed = [0; 64];
 rng.fill_bytes(&mut seed);
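Review bot: The only change to the portable `instantiate!` line is the comma that was missing between `vector::portable::PortableVector` and `"Portable ML-KEM 512"`, which means the old line either matched a macro arm that tolerated the bare `$vec $doc` sequence or was never compiled in the configurations CI builds. If it is the latter, it would be worth confirming that some CI job builds with the `mlkem512` feature alone so the portable ML-KEM 512 instantiation is exercised; this is an inference from the diff, not something the hunk shows. The `instantiate!` macro definition itself is outside the hunk.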
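Review bot: The predicate `all(feature = "mlkem768", feature = "pre-verification")` is now written out on every unpacked bench in this hunk and repeated, with the SIMD feature appended where needed, in the hunks at -29, -38, -87, -105, -124, -167, -190 and -213. Keeping it in one place — for example a private helper per group such as `fn bench_unpacked_key_generation(...)` that registers the unpacked benches and carries the single `#[cfg(all(feature = "mlkem768", feature = "pre-verification"))]`, with only the `simd256`/`simd128` gates left on the individual entries — would make a later feature rename unable to leave one bench silently ungated. A build without `pre-verification` now drops these entries with no trace in the bench output, so a one-line comment at the first gate would help, e.g. `// The unpacked API is only built with "pre-verification" and only for ML-KEM 768.`. The enclosing `comparisons_key_generation` body continues outside the hunk.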
@@ -87,6 +88,7 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); + #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] group.bench_function("libcrux unpacked portable (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -105,7 +107,7 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); - #[cfg(feature = "simd128")] + #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] group.bench_function("libcrux unpacked neon (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -124,7 +126,7 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); - #[cfg(feature = "simd256")] + #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] group.bench_function("libcrux unpacked avx2 (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -167,6 +169,7 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); + #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] group.bench_function("libcrux unpacked portable", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -190,7 +193,7 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); - #[cfg(feature = "simd128")] + #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] group.bench_function("libcrux unpacked neon", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -213,7 +216,7 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); - #[cfg(feature = "simd256")] + #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] group.bench_function("libcrux unpacked avx2", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 2e663270f..37d16d09a 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs 
@@ -209,6 +209,7 @@ macro_rules! impl_modified_ciphertext_and_implicit_rejection_value { }; } + #[cfg(feature = "mlkem512")] impl_consistency!( consistency_512, 
@@ -231,91 +232,94 @@ impl_consistency!( libcrux_ml_kem::mlkem1024::decapsulate ); +#[cfg(all(feature = "mlkem512", feature = "pre-verification"))] impl_consistency_unpacked!( consistency_unpacked_512_portable, - mlkem512::portable::generate_key_pair, - mlkem512::portable::encapsulate, - mlkem512::portable::generate_key_pair_unpacked, - mlkem512::portable::encapsulate_unpacked, - mlkem512::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem512::portable::generate_key_pair, + libcrux_ml_kem::mlkem512::portable::encapsulate, + libcrux_ml_kem::mlkem512::portable::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem512::portable::encapsulate_unpacked, + libcrux_ml_kem::mlkem512::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem512", feature = "simd128"))] +#[cfg(all(feature = "mlkem512", feature = "pre-verification", feature = "simd128"))] impl_consistency_unpacked!( consistency_unpacked_512_neon, - mlkem512::neon::generate_key_pair, - mlkem512::neon::encapsulate, - mlkem512::neon::generate_key_pair_unpacked, - mlkem512::neon::encapsulate_unpacked, - mlkem512::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem512::neon::generate_key_pair, + libcrux_ml_kem::mlkem512::neon::encapsulate, + libcrux_ml_kem::mlkem512::neon::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem512::neon::encapsulate_unpacked, + libcrux_ml_kem::mlkem512::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem512", feature = "simd256"))] +#[cfg(all(feature = "mlkem512", feature = "pre-verification", feature = "simd256"))] impl_consistency_unpacked!( consistency_unpacked_512_avx2, - mlkem512::avx2::generate_key_pair, - mlkem512::avx2::encapsulate, - mlkem512::avx2::generate_key_pair_unpacked, - mlkem512::avx2::encapsulate_unpacked, - mlkem512::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem512::avx2::generate_key_pair, + libcrux_ml_kem::mlkem512::avx2::encapsulate, + libcrux_ml_kem::mlkem512::avx2::generate_key_pair_unpacked, + 
libcrux_ml_kem::mlkem512::avx2::encapsulate_unpacked, + libcrux_ml_kem::mlkem512::avx2::decapsulate_unpacked ); +#[cfg(all(feature = "mlkem1024", feature = "pre-verification"))] impl_consistency_unpacked!( consistency_unpacked_1024_portable, - mlkem1024::portable::generate_key_pair, - mlkem1024::portable::encapsulate, - mlkem1024::portable::generate_key_pair_unpacked, - mlkem1024::portable::encapsulate_unpacked, - mlkem1024::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::portable::generate_key_pair, + libcrux_ml_kem::mlkem1024::portable::encapsulate, + libcrux_ml_kem::mlkem1024::portable::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem1024::portable::encapsulate_unpacked, + libcrux_ml_kem::mlkem1024::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem1024", feature = "simd128"))] +#[cfg(all(feature = "mlkem1024", feature = "pre-verification", feature = "simd128"))] impl_consistency_unpacked!( consistency_unpacked_1024_neon, - mlkem1024::neon::generate_key_pair, - mlkem1024::neon::encapsulate, - mlkem1024::neon::generate_key_pair_unpacked, - mlkem1024::neon::encapsulate_unpacked, - mlkem1024::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::neon::generate_key_pair, + libcrux_ml_kem::mlkem1024::neon::encapsulate, + libcrux_ml_kem::mlkem1024::neon::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem1024::neon::encapsulate_unpacked, + libcrux_ml_kem::mlkem1024::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem1024", feature = "simd256"))] +#[cfg(all(feature = "mlkem1024", feature = "pre-verification", feature = "simd256"))] impl_consistency_unpacked!( consistency_unpacked_1024_avx2, - mlkem1024::avx2::generate_key_pair, - mlkem1024::avx2::encapsulate, - mlkem1024::avx2::generate_key_pair_unpacked, - mlkem1024::avx2::encapsulate_unpacked, - mlkem1024::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem1024::avx2::generate_key_pair, + libcrux_ml_kem::mlkem1024::avx2::encapsulate, + 
libcrux_ml_kem::mlkem1024::avx2::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem1024::avx2::encapsulate_unpacked, + libcrux_ml_kem::mlkem1024::avx2::decapsulate_unpacked ); +#[cfg(all(feature = "mlkem768", feature = "pre-verification"))] impl_consistency_unpacked!( consistency_unpacked_768_portable, - mlkem768::portable::generate_key_pair, - mlkem768::portable::encapsulate, - mlkem768::portable::generate_key_pair_unpacked, - mlkem768::portable::encapsulate_unpacked, - mlkem768::portable::decapsulate_unpacked + libcrux_ml_kem::mlkem768::portable::generate_key_pair, + libcrux_ml_kem::mlkem768::portable::encapsulate, + libcrux_ml_kem::mlkem768::portable::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem768::portable::encapsulate_unpacked, + libcrux_ml_kem::mlkem768::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem768", feature = "simd128"))] +#[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] impl_consistency_unpacked!( consistency_unpacked_768_neon, - mlkem768::neon::generate_key_pair, - mlkem768::neon::encapsulate, - mlkem768::neon::generate_key_pair_unpacked, - mlkem768::neon::encapsulate_unpacked, - mlkem768::neon::decapsulate_unpacked + libcrux_ml_kem::mlkem768::neon::generate_key_pair, + libcrux_ml_kem::mlkem768::neon::encapsulate, + libcrux_ml_kem::mlkem768::neon::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem768::neon::encapsulate_unpacked, + libcrux_ml_kem::mlkem768::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem768", feature = "simd256"))] +#[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] impl_consistency_unpacked!( consistency_unpacked_768_avx2, - mlkem768::avx2::generate_key_pair, - mlkem768::avx2::encapsulate, - mlkem768::avx2::generate_key_pair_unpacked, - mlkem768::avx2::encapsulate_unpacked, - mlkem768::avx2::decapsulate_unpacked + libcrux_ml_kem::mlkem768::avx2::generate_key_pair, + libcrux_ml_kem::mlkem768::avx2::encapsulate, + 
libcrux_ml_kem::mlkem768::avx2::generate_key_pair_unpacked, + libcrux_ml_kem::mlkem768::avx2::encapsulate_unpacked, + libcrux_ml_kem::mlkem768::avx2::decapsulate_unpacked ); #[cfg(feature = "mlkem512")] From 75178bccde83851715d394fce24119adbe67587e Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 1 Jul 2024 19:46:35 +0200 Subject: [PATCH 22/31] fmt --- libcrux-ml-kem/benches/ml-kem.rs | 36 +++++++++++++++++++++++++------ libcrux-ml-kem/tests/self.rs | 37 ++++++++++++++++++++++++++------ 2 files changed, 60 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 5eace9335..75ec7f6d3 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -20,7 +20,11 @@ pub fn comparisons_key_generation(c: &mut Criterion) { }) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd256" + ))] group.bench_function("libcrux avx2 unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); @@ -29,7 +33,11 @@ pub fn comparisons_key_generation(c: &mut Criterion) { }) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd128" + ))] group.bench_function("libcrux neon unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); @@ -107,7 +115,11 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd128" + ))] group.bench_function("libcrux unpacked neon (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); 
@@ -126,7 +138,11 @@ pub fn comparisons_encapsulation(c: &mut Criterion) { ) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd256" + ))] group.bench_function("libcrux unpacked avx2 (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -193,7 +209,11 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd128" + ))] group.bench_function("libcrux unpacked neon", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); @@ -216,7 +236,11 @@ pub fn comparisons_decapsulation(c: &mut Criterion) { ) }); - #[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] + #[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd256" + ))] group.bench_function("libcrux unpacked avx2", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 37d16d09a..baf1e410b 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -209,7 +209,6 @@ macro_rules! impl_modified_ciphertext_and_implicit_rejection_value { }; } - #[cfg(feature = "mlkem512")] impl_consistency!( consistency_512, @@ -242,7 +241,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem512::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem512", feature = "pre-verification", feature = "simd128"))] +#[cfg(all( + feature = "mlkem512", + feature = "pre-verification", + feature = "simd128" +))] impl_consistency_unpacked!( consistency_unpacked_512_neon, libcrux_ml_kem::mlkem512::neon::generate_key_pair, 
@@ -252,7 +255,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem512::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem512", feature = "pre-verification", feature = "simd256"))] +#[cfg(all( + feature = "mlkem512", + feature = "pre-verification", + feature = "simd256" +))] impl_consistency_unpacked!( consistency_unpacked_512_avx2, libcrux_ml_kem::mlkem512::avx2::generate_key_pair, @@ -272,7 +279,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem1024::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem1024", feature = "pre-verification", feature = "simd128"))] +#[cfg(all( + feature = "mlkem1024", + feature = "pre-verification", + feature = "simd128" +))] impl_consistency_unpacked!( consistency_unpacked_1024_neon, libcrux_ml_kem::mlkem1024::neon::generate_key_pair, @@ -282,7 +293,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem1024::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem1024", feature = "pre-verification", feature = "simd256"))] +#[cfg(all( + feature = "mlkem1024", + feature = "pre-verification", + feature = "simd256" +))] impl_consistency_unpacked!( consistency_unpacked_1024_avx2, libcrux_ml_kem::mlkem1024::avx2::generate_key_pair, @@ -302,7 +317,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem768::portable::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd128"))] +#[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd128" +))] impl_consistency_unpacked!( consistency_unpacked_768_neon, libcrux_ml_kem::mlkem768::neon::generate_key_pair, @@ -312,7 +331,11 @@ impl_consistency_unpacked!( libcrux_ml_kem::mlkem768::neon::decapsulate_unpacked ); -#[cfg(all(feature = "mlkem768", feature = "pre-verification", feature = "simd256"))] +#[cfg(all( + feature = "mlkem768", + feature = "pre-verification", + feature = "simd256" +))] impl_consistency_unpacked!( consistency_unpacked_768_avx2, libcrux_ml_kem::mlkem768::avx2::generate_key_pair, 
From 0cec9880837c7840b7048cafff3473fa21c41993 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 4 Jul 2024 07:31:49 -0400 Subject: [PATCH 23/31] fixes --- libcrux-ml-kem/src/mlkem1024.rs | 6 ++++-- libcrux-ml-kem/src/mlkem512.rs | 6 ++++-- libcrux-ml-kem/src/mlkem768.rs | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78c93c7dc..c4b12d078 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -52,8 +52,10 @@ pub type MlKem1024PublicKey = MlKemPublicKey; pub type MlKem1024KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 1024 Public key +#[allow(type_alias_bounds)] pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 1024 Key pair +#[allow(type_alias_bounds)] pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -226,7 +228,7 @@ macro_rules! instantiate { /// Encapsulate ML-KEM 1024 (unpacked) /// /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked<$vec>`], + /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem1024PublicKeyUnpacked<$vec>, @@ -253,7 +255,7 @@ macro_rules! instantiate { /// Decapsulate ML-KEM 1024 (unpacked) /// /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked<$vec>`] + /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] /// and an [`MlKem1024Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem1024KeyPairUnpacked<$vec>, 
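Review bot: `#[allow(type_alias_bounds)]` on `MlKem1024PublicKeyUnpacked` and `MlKem1024KeyPairUnpacked` silences the lint, but the lint's point stands: rustc does not enforce bounds on type aliases, so the alias accepts any `Vector` and the `Operations` requirement is only checked where the alias is used. A one-line comment above each attribute would keep the next reader from treating the bound as a constraint, e.g. `// Bounds on type aliases are not enforced by rustc; this one only documents the intended Vector type.` The same applies to the corresponding hunks in mlkem512.rs and mlkem768.rs. The adjacent context line `/// Am Unpacked ML-KEM 1024 Key pair` (repeated in all three files) should read `An`.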
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 636a93859..8598d8964 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -49,8 +49,10 @@ pub type MlKem512PublicKey = MlKemPublicKey; pub type MlKem512KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 512 Public key +#[allow(type_alias_bounds)] pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 512 Key pair +#[allow(type_alias_bounds)] pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -221,7 +223,7 @@ macro_rules! instantiate { /// Encapsulate ML-KEM 512 (unpacked) /// /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked<$vec>`], + /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem512PublicKeyUnpacked<$vec>, @@ -248,7 +250,7 @@ macro_rules! instantiate { /// Decapsulate ML-KEM 512 (unpacked) /// /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked<$vec>`] + /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] /// and an [`MlKem512Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem512KeyPairUnpacked<$vec>, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index c6e7fd3ca..e05f8fe98 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs 
@@ -52,8 +52,10 @@ pub type MlKem768PublicKey = MlKemPublicKey; pub type MlKem768KeyPair = MlKemKeyPair; /// An Unpacked ML-KEM 768 Public key +#[allow(type_alias_bounds)] pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; /// Am Unpacked ML-KEM 768 Key pair +#[allow(type_alias_bounds)] pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; // Instantiate the different functions. @@ -224,7 +226,7 @@ macro_rules! instantiate { /// Encapsulate ML-KEM 768 (unpacked) /// /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked<$vec>`], + /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem768PublicKeyUnpacked<$vec>, @@ -251,7 +253,7 @@ macro_rules! instantiate { /// Decapsulate ML-KEM 768 (unpacked) /// /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked<$vec>`] + /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] /// and an [`MlKem768Ciphertext`]. pub fn decapsulate_unpacked( private_key: &MlKem768KeyPairUnpacked<$vec>, From c6ccba1b5d306cf48a452802a22974a8975da306 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 9 Jul 2024 17:04:35 -0400 Subject: [PATCH 24/31] fixup --- libcrux-ml-kem/benches/ml-kem.rs | 134 ++++++++++++++++--------------- libcrux-ml-kem/src/ind_cca.rs | 2 +- 2 files changed, 69 insertions(+), 67 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 1e40bfd53..9b2bc969f 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs 
@@ -27,12 +27,30 @@ macro_rules! init { pub fn key_generation(c: &mut Criterion) { let mut rng = OsRng; + macro_rules! fun { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function(format!("libcrux {} (external random)", $name), |b| { + use $p as p; + + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let _kp = core::hint::black_box(p::generate_key_pair(seed)); + }) + }); + }; + } + + init!(mlkem512, "Key Generation", c); + init!(mlkem768, "Key Generation", c); + init!(mlkem1024, "Key Generation", c); + #[cfg(all( feature = "mlkem768", feature = "pre-verification", feature = "simd256" ))] - group.bench_function("libcrux avx2 unpacked (external random)", |b| { + c.bench_function("libcrux avx2 unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter(|| { @@ -45,7 +63,7 @@ pub fn key_generation(c: &mut Criterion) { feature = "pre-verification", feature = "simd128" ))] - group.bench_function("libcrux neon unpacked (external random)", |b| { + c.bench_function("libcrux neon unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter(|| { @@ -54,7 +72,7 @@ pub fn key_generation(c: &mut Criterion) { }); #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] - group.bench_function("libcrux portable unpacked (external random)", |b| { + c.bench_function("libcrux portable unpacked (external random)", |b| { let mut seed = [0; 64]; rng.fill_bytes(&mut seed); b.iter(|| { 
@@ -62,23 +80,6 @@ pub fn key_generation(c: &mut Criterion) { }) }); - macro_rules! fun { - ($name:expr, $p:path, $group:expr) => { - $group.bench_function(format!("libcrux {} (external random)", $name), |b| { - use $p as p; - - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = core::hint::black_box(p::generate_key_pair(seed)); - }) - }); - }; - } - - init!(mlkem512, "Key Generation", c); - init!(mlkem768, "Key Generation", c); - init!(mlkem1024, "Key Generation", c); } pub fn pk_validation(c: &mut Criterion) { @@ -112,8 +113,32 @@ pub fn pk_validation(c: &mut Criterion) { pub fn encapsulation(c: &mut Criterion) { + macro_rules! fun { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function(format!("libcrux {} (external random)", $name), |b| { + use $p as p; + let mut seed1 = [0; 64]; + OsRng.fill_bytes(&mut seed1); + let mut seed2 = [0; 32]; + OsRng.fill_bytes(&mut seed2); + b.iter_batched( + || p::generate_key_pair(seed1), + |keypair| { + let (_shared_secret, _ciphertext) = + black_box(p::encapsulate(keypair.public_key(), seed2)); + }, + BatchSize::SmallInput, + ) + }); + }; + } + + init!(mlkem512, "Encapsulation", c); + init!(mlkem768, "Encapsulation", c); + init!(mlkem1024, "Encapsulation", c); + #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] - group.bench_function("libcrux unpacked portable (external random)", |b| { + c.bench_function("libcrux unpacked portable (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; @@ -136,7 +161,7 @@ pub fn encapsulation(c: &mut Criterion) { feature = "pre-verification", feature = "simd128" ))] - group.bench_function("libcrux unpacked neon (external random)", |b| { + c.bench_function("libcrux unpacked neon (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; 
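Review bot: In the new `fun!` macro of `encapsulation`, the destructuring `let (_shared_secret, _ciphertext) = black_box(p::encapsulate(...))` names the tuple elements in the wrong order: `encapsulate` returns the ciphertext first, which is exactly what the decapsulation macro later in this file relies on (`let (ciphertext, _shared_secret) = p::encapsulate(...)` followed by `p::decapsulate(..., &ciphertext)`). Both values are discarded, so the measurement is unaffected, but the names mislead anyone copying the pattern; write `let (_ciphertext, _shared_secret) = black_box(p::encapsulate(keypair.public_key(), seed2));`. The unpacked bench closures in this file carry the same swapped names (`let (_shared_secret, _ciphertext) = mlkem768::portable::encapsulate_unpacked(`), which appear only as context here.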
@@ -159,7 +184,7 @@ pub fn encapsulation(c: &mut Criterion) { feature = "pre-verification", feature = "simd256" ))] - group.bench_function("libcrux unpacked avx2 (external random)", |b| { + c.bench_function("libcrux unpacked avx2 (external random)", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; @@ -177,19 +202,28 @@ pub fn encapsulation(c: &mut Criterion) { ) }); +} + +pub fn decapsulation(c: &mut Criterion) { + macro_rules! fun { ($name:expr, $p:path, $group:expr) => { - $group.bench_function(format!("libcrux {} (external random)", $name), |b| { + $group.bench_function(format!("libcrux {}", $name), |b| { use $p as p; let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; OsRng.fill_bytes(&mut seed2); b.iter_batched( - || p::generate_key_pair(seed1), - |keypair| { - let (_shared_secret, _ciphertext) = - black_box(p::encapsulate(keypair.public_key(), seed2)); + || { + let keypair = p::generate_key_pair(seed1); + let (ciphertext, _shared_secret) = + p::encapsulate(keypair.public_key(), seed2); + (keypair, ciphertext) + }, + |(keypair, ciphertext)| { + let _shared_secret = + black_box(p::decapsulate(keypair.private_key(), &ciphertext)); }, BatchSize::SmallInput, ) @@ -197,15 +231,12 @@ pub fn encapsulation(c: &mut Criterion) { }; } - init!(mlkem512, "Encapsulation", c); - init!(mlkem768, "Encapsulation", c); - init!(mlkem1024, "Encapsulation", c); -} - -pub fn decapsulation(c: &mut Criterion) { + init!(mlkem512, "Decapsulation", c); + init!(mlkem768, "Decapsulation", c); + init!(mlkem1024, "Decapsulation", c); #[cfg(all(feature = "mlkem768", feature = "pre-verification"))] - group.bench_function("libcrux unpacked portable", |b| { + c.bench_function("libcrux unpacked portable", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; 
@@ -233,7 +264,7 @@ pub fn decapsulation(c: &mut Criterion) { feature = "pre-verification", feature = "simd128" ))] - group.bench_function("libcrux unpacked neon", |b| { + c.bench_function("libcrux unpacked neon", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; @@ -260,7 +291,7 @@ pub fn decapsulation(c: &mut Criterion) { feature = "pre-verification", feature = "simd256" ))] - group.bench_function("libcrux unpacked avx2", |b| { + c.bench_function("libcrux unpacked avx2", |b| { let mut seed1 = [0; 64]; OsRng.fill_bytes(&mut seed1); let mut seed2 = [0; 32]; @@ -281,35 +312,6 @@ pub fn decapsulation(c: &mut Criterion) { BatchSize::SmallInput, ) }); - - macro_rules! fun { - ($name:expr, $p:path, $group:expr) => { - $group.bench_function(format!("libcrux {}", $name), |b| { - use $p as p; - let mut seed1 = [0; 64]; - OsRng.fill_bytes(&mut seed1); - let mut seed2 = [0; 32]; - OsRng.fill_bytes(&mut seed2); - b.iter_batched( - || { - let keypair = p::generate_key_pair(seed1); - let (ciphertext, _shared_secret) = - p::encapsulate(keypair.public_key(), seed2); - (keypair, ciphertext) - }, - |(keypair, ciphertext)| { - let _shared_secret = - black_box(p::decapsulate(keypair.private_key(), &ciphertext)); - }, - BatchSize::SmallInput, - ) - }); - }; - } - - init!(mlkem512, "Decapsulation", c); - init!(mlkem768, "Decapsulation", c); - init!(mlkem1024, "Decapsulation", c); } pub fn comparisons(c: &mut Criterion) { diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 9500fee77..1d657d845 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -393,7 +393,7 @@ pub(crate) fn decapsulate_unpacked< Hasher, >(&key_pair.public_key, decrypted, pseudorandomness); - let selector = compare_ciphertexts_in_constant_time::( + let selector = compare_ciphertexts_in_constant_time( ciphertext.as_ref(), &expected_ciphertext, ); From 16ccb077cefe4e617c7f8ea89dae55ed78b4a2fb Mon Sep 17 00:00:00 2001 
From: Karthikeyan Bhargavan Date: Tue, 9 Jul 2024 17:44:20 -0400 Subject: [PATCH 25/31] IND-CPA vs IND-CCA key types --- libcrux-ml-kem/benches/ml-kem.rs | 10 ------ libcrux-ml-kem/src/ind_cca.rs | 20 ++++++------ libcrux-ml-kem/src/ind_cca/instantiations.rs | 3 +- libcrux-ml-kem/src/ind_cpa.rs | 34 +++++++++----------- libcrux-ml-kem/src/mlkem1024.rs | 3 +- libcrux-ml-kem/src/mlkem512.rs | 3 +- libcrux-ml-kem/src/mlkem768.rs | 3 +- libcrux-ml-kem/src/types.rs | 24 ++++++++++---- libcrux-ml-kem/tests/self.rs | 1 - 9 files changed, 46 insertions(+), 55 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 9b2bc969f..3714eed05 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -79,7 +79,6 @@ pub fn key_generation(c: &mut Criterion) { let _kp = mlkem768::portable::generate_key_pair_unpacked(seed); }) }); - } pub fn pk_validation(c: &mut Criterion) { @@ -112,7 +111,6 @@ pub fn pk_validation(c: &mut Criterion) { } pub fn encapsulation(c: &mut Criterion) { - macro_rules! fun { ($name:expr, $p:path, $group:expr) => { $group.bench_function(format!("libcrux {} (external random)", $name), |b| { @@ -148,7 +146,6 @@ pub fn encapsulation(c: &mut Criterion) { |keypair| { let (_shared_secret, _ciphertext) = mlkem768::portable::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); }, @@ -171,7 +168,6 @@ pub fn encapsulation(c: &mut Criterion) { |keypair| { let (_shared_secret, _ciphertext) = mlkem768::neon::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); }, 
@@ -194,18 +190,15 @@ pub fn encapsulation(c: &mut Criterion) { |keypair| { let (_shared_secret, _ciphertext) = mlkem768::avx2::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); }, BatchSize::SmallInput, ) }); - } pub fn decapsulation(c: &mut Criterion) { - macro_rules! fun { ($name:expr, $p:path, $group:expr) => { $group.bench_function(format!("libcrux {}", $name), |b| { @@ -246,7 +239,6 @@ pub fn decapsulation(c: &mut Criterion) { let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1); let (ciphertext, _shared_secret) = mlkem768::portable::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); (keypair, ciphertext) @@ -274,7 +266,6 @@ pub fn decapsulation(c: &mut Criterion) { let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1); let (ciphertext, _shared_secret) = mlkem768::neon::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); (keypair, ciphertext) @@ -301,7 +292,6 @@ pub fn decapsulation(c: &mut Criterion) { let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1); let (ciphertext, _shared_secret) = mlkem768::avx2::encapsulate_unpacked( &keypair.public_key, - &keypair.public_key_hash, seed2, ); (keypair, ciphertext) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 1d657d845..d7cd5733d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs 
@@ -274,12 +274,11 @@ pub(crate) fn generate_keypair_unpacked< &ind_cpa_public_key.seed_for_A, ); let public_key_hash = Hasher::H(&pk_serialized); + let implicit_rejection_value : [u8; 32] = implicit_rejection_value.try_into().unwrap(); MlKemKeyPairUnpacked { - private_key: ind_cpa_private_key, - public_key: ind_cpa_public_key, - public_key_hash: public_key_hash, - implicit_rejection_value: implicit_rejection_value.try_into().unwrap(), + private_key: MlKemPrivateKeyUnpacked {ind_cpa_private_key, implicit_rejection_value}, + public_key: MlKemPublicKeyUnpacked {ind_cpa_public_key, public_key_hash} } } @@ -302,11 +301,10 @@ pub(crate) fn encapsulate_unpacked< Hasher: Hash, >( public_key: &MlKemPublicKeyUnpacked, - public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); - to_hash[H_DIGEST_SIZE..].copy_from_slice(public_key_hash); + to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); @@ -326,7 +324,7 @@ pub(crate) fn encapsulate_unpacked< ETA2_RANDOMNESS_SIZE, Vector, Hasher, - >(public_key, randomness, pseudorandomness); + >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; shared_secret_array.copy_from_slice(shared_secret); (MlKemCiphertext::from(ciphertext), shared_secret_array) 
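Review bot: The new binding `let implicit_rejection_value : [u8; 32] = implicit_rejection_value.try_into().unwrap();` hard-codes the width as a literal and uses a bare `unwrap()`; every other size in this function is a named constant, and the slice is the tail of a fixed-size `randomness` array, so its length is a compile-time fact worth stating. Prefer the named constant the struct field is declared with (or `KEY_GENERATION_SEED_SIZE - CPA_PKE_KEY_GENERATION_SEED_SIZE`, which is the actual width of that tail) and `.expect("tail of the fixed-size key generation seed has a fixed width")` so the invariant is recorded rather than implied. The same pattern is introduced in ind_cpa.rs `generate_keypair_unpacked` with `let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap();`.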
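Review bot: `encapsulate_unpacked` now takes the public-key hash from `public_key.public_key_hash` (the `copy_from_slice` line) without recomputing it, and `decapsulate_unpacked` in the following hunks does the same with `key_pair.public_key.public_key_hash`, so agreement between `ind_cpa_public_key` and `public_key_hash` becomes a struct invariant that anyone building an unpacked key outside `generate_keypair_unpacked` must uphold. Nothing checks it: with a stale or wrong hash, encapsulation derives the shared secret from the wrong G input and the receiver's re-encryption no longer matches, so decapsulation presumably ends in implicit rejection and the two sides silently hold different secrets rather than seeing an error. Propose a doc comment on `encapsulate_unpacked` (and a matching one on `decapsulate_unpacked`): `/// Assumes public_key.public_key_hash is H(serialized public_key.ind_cpa_public_key), as produced by generate_keypair_unpacked; a mismatched hash yields a non-interoperable shared secret, not an error.`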
@@ -363,16 +361,16 @@ pub(crate) fn decapsulate_unpacked< VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, Vector, - >(&key_pair.private_key, &ciphertext.value); + >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key_hash); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = - into_padded_array(&key_pair.implicit_rejection_value); + into_padded_array(&key_pair.private_key.implicit_rejection_value); to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); @@ -391,7 +389,7 @@ pub(crate) fn decapsulate_unpacked< ETA2_RANDOMNESS_SIZE, Vector, Hasher, - >(&key_pair.public_key, decrypted, pseudorandomness); + >(&key_pair.public_key.ind_cpa_public_key, decrypted, pseudorandomness); let selector = compare_ciphertexts_in_constant_time( ciphertext.as_ref(), diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index de2c72911..e698bf888 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -263,7 +263,6 @@ macro_rules! instantiate { const ETA2_RANDOMNESS_SIZE: usize, >( public_key: &MlKemPublicKeyUnpacked, - public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { crate::ind_cca::encapsulate_unpacked::< @@ -282,7 +281,7 @@ macro_rules! instantiate { ETA2_RANDOMNESS_SIZE, $vector, $hash, - >(public_key, public_key_hash, randomness) + >(public_key, randomness) } /// Portable decapsulate 
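Review bot: `decapsulate_unpacked` now takes the hash and IND-CPA public key from `key_pair.public_key` and the secret and implicit-rejection value from `key_pair.private_key`, so the re-encryption check is only meaningful when the two halves were generated together; `MlKemKeyPairUnpacked` exposes both as `pub` fields, so a caller can pair them inconsistently and nothing in this function detects it, in which case every ciphertext would presumably fail the constant-time comparison and return the implicit-rejection secret. This is not a key-compromise path, but it is a silent-failure mode that deserves a line of rustdoc: `/// `key_pair.public_key` must be the public half generated alongside `key_pair.private_key`; a mismatched pair is not detected and yields implicit-rejection output.` The body of `decapsulate_unpacked` starts and ends outside this hunk.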
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 650fba3bc..89e8e2a32 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -147,9 +147,6 @@ fn sample_vector_cbd_then_ntt< #[allow(non_snake_case)] pub(crate) fn generate_keypair_unpacked< const K: usize, - //const PRIVATE_KEY_SIZE: usize, - //const PUBLIC_KEY_SIZE: usize, - //const RANKED_BYTES_PER_RING_ELEMENT: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, @@ -157,8 +154,8 @@ pub(crate) fn generate_keypair_unpacked< >( key_generation_seed: &[u8], ) -> ( - MlKemPrivateKeyUnpacked, - MlKemPublicKeyUnpacked, + IndCpaPrivateKeyUnpacked, + IndCpaPublicKeyUnpacked, ) { // (ρ,σ) := G(d) let hashed = Hasher::G(key_generation_seed); @@ -191,12 +188,13 @@ pub(crate) fn generate_keypair_unpacked< // core::array::from_fn(|j| A_transpose[j][i]) // }); - let pk = MlKemPublicKeyUnpacked { + let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + let pk = IndCpaPublicKeyUnpacked { t_as_ntt, - A_transpose: A, - seed_for_A: seed_for_A.try_into().unwrap(), + A, + seed_for_A }; - let sk = MlKemPrivateKeyUnpacked { secret_as_ntt }; + let sk = IndCpaPrivateKeyUnpacked { secret_as_ntt }; (sk, pk) } @@ -306,7 +304,7 @@ pub(crate) fn encrypt_unpacked< Vector: Operations, Hasher: Hash, >( - public_key: &MlKemPublicKeyUnpacked, + public_key: &IndCpaPublicKeyUnpacked, message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { @@ -335,7 +333,7 @@ pub(crate) fn encrypt_unpacked< let error_2 = sample_from_binomial_distribution::(&prf_output); // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 - let u = compute_vector_u(&public_key.A_transpose, &r_as_ntt, &error_1); + let u = compute_vector_u(&public_key.A, &r_as_ntt, &error_1); // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) let message_as_ring_element = deserialize_then_decompress_message(message); 
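Review bot: Renaming the field from `A_transpose` to `A` in the `encrypt_unpacked` hunk drops the only hint of the matrix orientation, while the spec comment directly above the use, `// u := NTT^{-1}(AˆT ◦ rˆ) + e_1`, still says Aᵀ and `compute_vector_u(&public_key.A, ...)` consumes whatever the producer stored. Since both `generate_keypair_unpacked` and `encrypt` now populate the same `IndCpaPublicKeyUnpacked`, the orientation contract belongs at the construction site in the `generate_keypair_unpacked` hunk: `// `A` must be stored in the orientation compute_vector_u consumes (the matrix this code previously called A_transpose).` Without such a note the two producers can disagree and the only symptom is undecryptable ciphertexts.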
@@ -396,12 +394,12 @@ pub(crate) fn encrypt< // end for // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; - let A_transpose = sample_matrix_A::(into_padded_array(seed), false); - - let public_key_unpacked = MlKemPublicKeyUnpacked { + let A = sample_matrix_A::(into_padded_array(seed), false); + let seed_for_A: [u8; 32] = seed.try_into().unwrap(); + let public_key_unpacked = IndCpaPublicKeyUnpacked { t_as_ntt, - A_transpose, - seed_for_A: seed.try_into().unwrap(), + A, + seed_for_A }; encrypt_unpacked::< K, @@ -490,7 +488,7 @@ pub(crate) fn decrypt_unpacked< const V_COMPRESSION_FACTOR: usize, Vector: Operations, >( - secret_key: &MlKemPrivateKeyUnpacked, + secret_key: &IndCpaPrivateKeyUnpacked, ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [u8; SHARED_SECRET_SIZE] { // u := Decompress_q(Decode_{d_u}(c), d_u) @@ -523,7 +521,7 @@ pub(crate) fn decrypt< // sˆ := Decode_12(sk) let secret_as_ntt = deserialize_secret_key::(secret_key); - let secret_key_unpacked = MlKemPrivateKeyUnpacked { secret_as_ntt }; + let secret_key_unpacked = IndCpaPrivateKeyUnpacked { secret_as_ntt }; decrypt_unpacked::< K, diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index c4b12d078..d50e0abaf 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -232,7 +232,6 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem1024PublicKeyUnpacked<$vec>, - public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { p::encapsulate_unpacked::< @@ -249,7 +248,7 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - >(public_key, public_key_hash, randomness) + >(public_key, randomness) } /// Decapsulate ML-KEM 1024 (unpacked) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index baf25203a..a0ac56ca7 100644 
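Review bot: The rustdoc line kept as context above `encapsulate_unpacked` in mlkem1024.rs, `/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`.`, still lists the hash as a caller-supplied input, but this hunk deletes the `public_key_hash` parameter, so the documentation now describes an argument that no longer exists. Rewrite the fragment to `/// and [`SHARED_SECRET_SIZE`] bytes of `randomness`; the hash of the public key is read from the unpacked key, which must come from `generate_key_pair_unpacked`.` The provenance clause matters because callers can no longer see or verify the hash themselves, so the rustdoc is the only place that requirement is stated.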
--- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -227,7 +227,6 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem512PublicKeyUnpacked<$vec>, - public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem512Ciphertext, MlKemSharedSecret) { p::encapsulate_unpacked::< @@ -244,7 +243,7 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - >(public_key, public_key_hash, randomness) + >(public_key, randomness) } /// Decapsulate ML-KEM 512 (unpacked) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 32faa823a..fb2a84425 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -230,7 +230,6 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. pub fn encapsulate_unpacked( public_key: &MlKem768PublicKeyUnpacked<$vec>, - public_key_hash: &[u8], randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKem768Ciphertext, MlKemSharedSecret) { p::encapsulate_unpacked::< @@ -247,7 +246,7 @@ macro_rules! instantiate { ETA1_RANDOMNESS_SIZE, ETA2, ETA2_RANDOMNESS_SIZE, - >(public_key, public_key_hash, randomness) + >(public_key, randomness) } /// Decapsulate ML-KEM 768 (unpacked) diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index 7c3d34eb3..91c137fce 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs 
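Review bot: In both the mlkem512.rs and mlkem768.rs hunks the context line `/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`.` survives while the `public_key_hash` parameter it describes is removed, leaving the public rustdoc of `encapsulate_unpacked` out of sync with its signature. Each should become `/// and [`SHARED_SECRET_SIZE`] bytes of `randomness`; the hash of the public key is taken from the unpacked key, which must come from `generate_key_pair_unpacked`.` so that the trust placed in the cached hash is stated where callers read it.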
@@ -195,23 +195,33 @@ impl pub mod unpacked { use crate::{polynomial::PolynomialRingElement, vector::traits::Operations}; - /// An unpacked ML-KEM Private Key - pub struct MlKemPrivateKeyUnpacked { + /// An unpacked ML-KEM IND-CPA Private Key + pub struct IndCpaPrivateKeyUnpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } - /// An unpacked ML-KEM Public Key - pub struct MlKemPublicKeyUnpacked { + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPrivateKeyUnpacked { + pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, + pub(crate) implicit_rejection_value: [u8; 32], + } + + /// An unpacked ML-KEM IND-CPA Private Key + pub struct IndCpaPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], - pub(crate) A_transpose: [[PolynomialRingElement; K]; K], + pub(crate) A: [[PolynomialRingElement; K]; K], + } + + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPublicKeyUnpacked { + pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, + pub(crate) public_key_hash: [u8; 32] } /// An unpacked ML-KEM KeyPair pub struct MlKemKeyPairUnpacked { pub private_key: MlKemPrivateKeyUnpacked, pub public_key: MlKemPublicKeyUnpacked, - pub public_key_hash: [u8; 32], - pub implicit_rejection_value: [u8; 32], } } diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index baf1e410b..cf02aa63c 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs @@ -46,7 +46,6 @@ macro_rules! impl_consistency_unpacked { let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); let (ciphertext_unpacked, shared_secret_unpacked) = $encaps_unpacked( &key_pair_unpacked.public_key, - &key_pair_unpacked.public_key_hash, randomness, ); assert_eq!( From 4644be0afb3854091b6a148808098fa76b21a233 Mon Sep 17 00:00:00 2001 
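Review bot: Two of the new doc comments in the types.rs hunk are wrong: `IndCpaPublicKeyUnpacked` is documented as `/// An unpacked ML-KEM IND-CPA Private Key` and `MlKemPublicKeyUnpacked` as `/// An unpacked ML-KEM IND-CCA Private Key`, yet both hold public-key material and should read `/// An unpacked ML-KEM IND-CPA Public Key` and `/// An unpacked ML-KEM IND-CCA Public Key`. Since these types are `pub` and rendered by rustdoc, labelling a public key as private is worth fixing before the unpacked API ships. It would also help to say on `MlKemPrivateKeyUnpacked` that both `ind_cpa_private_key` and `implicit_rejection_value` are secret material, and on `MlKemPublicKeyUnpacked` that `public_key_hash` is expected to be H(serialized ek) as produced by key generation, because nothing downstream re-derives it. The `[u8; 32]` literals could use the crate's named digest and seed-size constants if they are in scope in types.rs, which this hunk does not show.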
From: Karthikeyan Bhargavan Date: Tue, 9 Jul 2024 18:04:10 -0400 Subject: [PATCH 26/31] remaining fixes --- libcrux-ml-kem/src/ind_cca.rs | 22 +++++++++++++++++++++- libcrux-ml-kem/src/ind_cpa.rs | 19 +++++-------------- libcrux-ml-kem/src/polynomial.rs | 3 ++- libcrux-ml-kem/tests/self.rs | 1 + 4 files changed, 29 insertions(+), 16 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index d7cd5733d..218676b1d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -4,6 +4,7 @@ use crate::{ }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, + polynomial::PolynomialRingElement, ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, types::{unpacked::*, *}, @@ -265,10 +266,29 @@ pub(crate) fn generate_keypair_unpacked< ) -> MlKemKeyPairUnpacked { let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let (ind_cpa_private_key, ind_cpa_public_key) = + let (ind_cpa_private_key, mut ind_cpa_public_key) = crate::ind_cpa::generate_keypair_unpacked::( ind_cpa_keypair_randomness, ); + + // We need to un-transpose the A_transpose matrix provided by IND-CPA + // We would like to write the following but it is not supported by Eurydice yet. + // https://github.com/AeneasVerif/eurydice/issues/39 + // + // let A = core::array::from_fn(|i| { + // core::array::from_fn(|j| A_transpose[j][i]) + // }); + + let mut A = core::array::from_fn(|_i| { + core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) + }); + for i in 0..K { + for j in 0..K { + A[i][j] = ind_cpa_public_key.A[j][i].clone(); + } + } + ind_cpa_public_key.A = A; + let pk_serialized = serialize_public_key::( &ind_cpa_public_key.t_as_ntt, &ind_cpa_public_key.seed_for_A, 
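Review bot: The un-transpose loop added to `generate_keypair_unpacked` needs a why-comment on the `.clone()`, because this same patch makes `PolynomialRingElement` `Copy` only under `cfg(eurydice)` and a reader will otherwise reach for a plain copy: `A[i][j] = ind_cpa_public_key.A[j][i].clone(); // not Copy outside cfg(eurydice)`. It would also help to state what the loop establishes, e.g. `// ind_cpa_public_key.A is now in the orientation compute_vector_u expects, matching what ind_cpa::encrypt builds`, since `serialize_public_key` right below only reads `t_as_ntt` and `seed_for_A` and the reason for rewriting the matrix before serialization is not obvious. The matrix is public data, so the extra K×K copy left behind has no confidentiality impact.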
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 89e8e2a32..7de82dc9a 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -175,23 +175,14 @@ pub(crate) fn generate_keypair_unpacked< // tˆ := Aˆ ◦ sˆ + eˆ let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); - let mut A = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - for i in 0..K { - for j in 0..K { - A[i][j] = A_transpose[j][i]; - } - } - // We would like to write the following but it is not supported by Eurydice yet. - // let A = core::array::from_fn(|i| { - // core::array::from_fn(|j| A_transpose[j][i]) - // }); - let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + + // For encapsulation, we need to store A not Aˆ, and so we untranspose A + // However, we pass A_transpose here and let the IND-CCA layer do the untranspose. + // We could do it here, but then we would pay the performance cost (if any) for the packed API as well. let pk = IndCpaPublicKeyUnpacked { t_as_ntt, - A, + A: A_transpose, seed_for_A }; let sk = IndCpaPrivateKeyUnpacked { secret_as_ntt }; diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index f560e97da..96877d128 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,7 +14,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[derive(Clone, Copy)] +#[cfg_attr(eurydice, derive(Clone, Copy))] +#[cfg_attr(not(eurydice), derive(Clone))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index cf02aa63c..0a8a96441 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs 
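Review bot: The new comment in `generate_keypair_unpacked` is misleading and the field it annotates now has a producer-dependent meaning. In this code the hat denotes the NTT domain (`tˆ := Aˆ ◦ sˆ + eˆ`), so "we need to store A not Aˆ" conflates NTT form with transposition; the actual distinction is A versus Aᵀ. More importantly, `IndCpaPublicKeyUnpacked::A` is filled with `A_transpose` here, but `ind_cpa::encrypt` fills the same field with the orientation `compute_vector_u` consumes and only the IND-CCA `generate_keypair_unpacked` transposes this one, so passing this function's result straight to `encrypt_unpacked` would generally produce ciphertexts the key cannot decrypt. Replace the comment with `// NOTE: `A` holds the keygen-side matrix (Aᵀ relative to what encrypt_unpacked expects); the IND-CCA layer transposes it, keeping the K×K copy off the packed-API path.` and repeat that invariant in the function's rustdoc.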
@@ -34,6 +34,7 @@ macro_rules! impl_consistency { }; } +#[cfg(feature = "pre-verification")] macro_rules! impl_consistency_unpacked { ($name:ident, $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr) => { #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] From cfc57acd9e441a6296f8bb0f2cc2a8e72579d6ee Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 9 Jul 2024 18:04:33 -0400 Subject: [PATCH 27/31] fmt --- libcrux-ml-kem/benches/ml-kem.rs | 36 +++++++++++--------------------- libcrux-ml-kem/tests/self.rs | 6 ++---- 2 files changed, 14 insertions(+), 28 deletions(-) diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 3714eed05..37334be2a 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -144,10 +144,8 @@ pub fn encapsulation(c: &mut Criterion) { b.iter_batched( || mlkem768::portable::generate_key_pair_unpacked(seed1), |keypair| { - let (_shared_secret, _ciphertext) = mlkem768::portable::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (_shared_secret, _ciphertext) = + mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2); }, BatchSize::SmallInput, ) @@ -166,10 +164,8 @@ pub fn encapsulation(c: &mut Criterion) { b.iter_batched( || mlkem768::neon::generate_key_pair_unpacked(seed1), |keypair| { - let (_shared_secret, _ciphertext) = mlkem768::neon::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (_shared_secret, _ciphertext) = + mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2); }, BatchSize::SmallInput, ) 
@@ -188,10 +184,8 @@ pub fn encapsulation(c: &mut Criterion) { b.iter_batched( || mlkem768::avx2::generate_key_pair_unpacked(seed1), |keypair| { - let (_shared_secret, _ciphertext) = mlkem768::avx2::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (_shared_secret, _ciphertext) = + mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2); }, BatchSize::SmallInput, ) @@ -237,10 +231,8 @@ pub fn decapsulation(c: &mut Criterion) { b.iter_batched( || { let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = mlkem768::portable::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (ciphertext, _shared_secret) = + mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2); (keypair, ciphertext) }, |(keypair, ciphertext)| { @@ -264,10 +256,8 @@ pub fn decapsulation(c: &mut Criterion) { b.iter_batched( || { let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = mlkem768::neon::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (ciphertext, _shared_secret) = + mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2); (keypair, ciphertext) }, |(keypair, ciphertext)| { @@ -290,10 +280,8 @@ pub fn decapsulation(c: &mut Criterion) { b.iter_batched( || { let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1); - let (ciphertext, _shared_secret) = mlkem768::avx2::encapsulate_unpacked( - &keypair.public_key, - seed2, - ); + let (ciphertext, _shared_secret) = + mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2); (keypair, ciphertext) }, |(keypair, ciphertext)| { diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 0a8a96441..6f47366b7 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs 
@@ -45,10 +45,8 @@ macro_rules! impl_consistency_unpacked { let key_pair = $key_gen(randomness); let randomness = random_array(); let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); - let (ciphertext_unpacked, shared_secret_unpacked) = $encaps_unpacked( - &key_pair_unpacked.public_key, - randomness, - ); + let (ciphertext_unpacked, shared_secret_unpacked) = + $encaps_unpacked(&key_pair_unpacked.public_key, randomness); assert_eq!( shared_secret, shared_secret_unpacked, "lhs: shared_secret, rhs: shared_secret_unpacked" From eb31e082b0c4836fb5090c62b95d5c68a07a6816 Mon Sep 17 00:00:00 2001 
From: karthikbhargavan Date: Wed, 10 Jul 2024 00:35:20 +0200 Subject: [PATCH 28/31] C code refresh --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 25 +- .../c/internal/libcrux_mlkem_avx2.h | 50 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- .../c/karamel/include/krml/fstar_int.h | 59 +- .../c/karamel/include/krml/internal/builtin.h | 4 +- .../c/karamel/include/krml/internal/compat.h | 19 +- .../c/karamel/include/krml/internal/debug.h | 16 +- .../c/karamel/include/krml/internal/target.h | 336 ++- .../c/karamel/include/krml/internal/types.h | 22 +- .../karamel/include/krml/lowstar_endianness.h | 223 +- libcrux-ml-kem/c/karamel/include/krmllib.h | 9 +- .../krmllib/dist/minimal/FStar_UInt128.h | 80 +- .../dist/minimal/FStar_UInt128_Verified.h | 280 +-- .../dist/minimal/FStar_UInt_8_16_32_64.h | 31 +- .../krmllib/dist/minimal/LowStar_Endianness.h | 7 +- .../dist/minimal/fstar_uint128_gcc64.h | 35 +- .../krmllib/dist/minimal/fstar_uint128_msvc.h | 223 +- .../minimal/fstar_uint128_struct_endianness.h | 20 +- libcrux-ml-kem/c/libcrux_core.c | 18 +- libcrux-ml-kem/c/libcrux_core.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 71 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 20 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 71 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 20 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 71 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 21 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 71 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 21 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 69 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 20 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 69 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 20 +- 
libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2212 +++++++++++----- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 115 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2215 ++++++++++++----- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 115 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- 48 files changed, 4866 insertions(+), 1900 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 704a6f533..bca2d74da 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,5 +1,5 @@ This code was generated with the following tools: -Charon: 4bc2a90d4dab2efeb7f6db3fb61f850440d1b9e8 +Charon: aeeae1d46704810bf498db552a75dff15aa3abcc Eurydice: ffeb01ce4cf0646e5cadec836bc042f98b8a16a8 -Karamel: 285552497829dd57fc019f946dce21c70ab35a0b -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Karamel: 42a431696cd32d41155d7e484720eb71fd5dc7b1 +F*: f09228ef9a64ac4ef383ee0e10656ccb612db2ee diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ad680d5b8..062946cfc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_core_H 
@@ -136,6 +136,19 @@ libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice__ void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, uint8_t ret[33U]); +typedef struct + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_s { + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; + union { + uint8_t case_Ok[32U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError; + +void core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError self, + uint8_t ret[32U]); + void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]); @@ -151,7 +164,7 @@ void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; @@ -164,7 +177,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_24size_t__core_arr typedef struct core_result_Result__uint8_t_20size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; 
@@ -177,7 +190,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_20size_t__core_arr typedef struct core_result_Result__uint8_t_10size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -190,7 +203,7 @@ void core_result__core__result__Result_T__E___unwrap__uint8_t_10size_t__core_arr typedef struct core_result_Result__int16_t_16size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e1206b3e4..1887e29c2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_mlkem_avx2_H 
@@ -21,15 +21,30 @@ extern "C" { bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -37,15 +52,30 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -53,15 +83,31 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 348a27267..ea0b9b9e6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_mlkem_portable_H 
@@ -26,15 +26,30 @@ extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -42,15 +57,31 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, 
@@ -59,15 +90,30 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_t bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uint8_t *public_key); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t randomness[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index fcefcb93c..a606239bd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index f09b6b375..e475d9bd3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/fstar_int.h b/libcrux-ml-kem/c/karamel/include/krml/fstar_int.h index 174ae59e3..5e0b27015 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/fstar_int.h +++ b/libcrux-ml-kem/c/karamel/include/krml/fstar_int.h 
@@ -12,70 +12,79 @@ * * GCC, MSVC, and Clang implement a >> b as an arithmetic shift. * - * GCC: https://gcc.gnu.org/onlinedocs/gcc-9.1.0/gcc/Integers-implementation.html#Integers-implementation - * MSVC: https://docs.microsoft.com/en-us/cpp/cpp/left-shift-and-right-shift-operators-input-and-output?view=vs-2019#right-shifts + * GCC: + * https://gcc.gnu.org/onlinedocs/gcc-9.1.0/gcc/Integers-implementation.html#Integers-implementation + * MSVC: + * https://docs.microsoft.com/en-us/cpp/cpp/left-shift-and-right-shift-operators-input-and-output?view=vs-2019#right-shifts * Clang: tested that Clang 7, 8 and 9 compile this to an arithmetic shift * * We implement arithmetic shift right simply as >> in these compilers * and bail out in others. */ -#if !(defined(_MSC_VER) || defined(__GNUC__) || (defined(__clang__) && (__clang_major__ >= 7))) +#if !(defined(_MSC_VER) || defined(__GNUC__) || \ + (defined(__clang__) && (__clang_major__ >= 7))) -static inline -int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { +static inline int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { do { - KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EPRINTF( + "Could not identify compiler so could not provide an implementation of " + "signed arithmetic shift right.\n"); KRML_HOST_EXIT(255); } while (0); } -static inline -int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) { +static inline int16_t FStar_Int16_shift_arithmetic_right(int16_t a, + uint32_t b) { do { - KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EPRINTF( + "Could not identify compiler so could not provide an implementation of " + "signed arithmetic shift right.\n"); KRML_HOST_EXIT(255); } while (0); } -static inline -int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) { +static inline int32_t 
FStar_Int32_shift_arithmetic_right(int32_t a, + uint32_t b) { do { - KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EPRINTF( + "Could not identify compiler so could not provide an implementation of " + "signed arithmetic shift right.\n"); KRML_HOST_EXIT(255); } while (0); } -static inline -int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) { +static inline int64_t FStar_Int64_shift_arithmetic_right(int64_t a, + uint32_t b) { do { - KRML_HOST_EPRINTF("Could not identify compiler so could not provide an implementation of signed arithmetic shift right.\n"); + KRML_HOST_EPRINTF( + "Could not identify compiler so could not provide an implementation of " + "signed arithmetic shift right.\n"); KRML_HOST_EXIT(255); } while (0); } #else -static inline -int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { +static inline int8_t FStar_Int8_shift_arithmetic_right(int8_t a, uint32_t b) { return (a >> b); } -static inline -int16_t FStar_Int16_shift_arithmetic_right(int16_t a, uint32_t b) { +static inline int16_t FStar_Int16_shift_arithmetic_right(int16_t a, + uint32_t b) { return (a >> b); } -static inline -int32_t FStar_Int32_shift_arithmetic_right(int32_t a, uint32_t b) { +static inline int32_t FStar_Int32_shift_arithmetic_right(int32_t a, + uint32_t b) { return (a >> b); } -static inline -int64_t FStar_Int64_shift_arithmetic_right(int64_t a, uint32_t b) { +static inline int64_t FStar_Int64_shift_arithmetic_right(int64_t a, + uint32_t b) { return (a >> b); } -#endif /* !(defined(_MSC_VER) ... ) */ +#endif /* !(defined(_MSC_VER) ... ) */ -#endif /* __FSTAR_INT_H */ +#endif /* __FSTAR_INT_H */ diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h index 6098f30be..07ff15678 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h 
+++ b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h @@ -6,9 +6,9 @@ /* For alloca, when using KaRaMeL's -falloca */ #if (defined(_WIN32) || defined(_WIN64)) -# include +#include #elif (defined(sun)) -# include +#include #endif /* If some globals need to be initialized before the main, then karamel will diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h index b557bbc1b..98b5d117a 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h @@ -17,16 +17,15 @@ typedef struct { typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int, krml_checked_int_t; -#define RETURN_OR(x) \ - do { \ - int64_t __ret = x; \ - if (__ret < INT32_MIN || INT32_MAX < __ret) { \ - KRML_HOST_PRINTF( \ - "Prims.{int,nat,pos} integer overflow at %s:%d\n", __FILE__, \ - __LINE__); \ - KRML_HOST_EXIT(252); \ - } \ - return (int32_t)__ret; \ +#define RETURN_OR(x) \ + do { \ + int64_t __ret = x; \ + if (__ret < INT32_MIN || INT32_MAX < __ret) { \ + KRML_HOST_PRINTF("Prims.{int,nat,pos} integer overflow at %s:%d\n", \ + __FILE__, __LINE__); \ + KRML_HOST_EXIT(252); \ + } \ + return (int32_t)__ret; \ } while (0) #endif diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h index 786db147e..6c209d947 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h 
@@ -44,14 +44,14 @@ void WasmSupport_check_buffer_size(uint32_t s); default : "unknown") /* clang-format on */ -# define KRML_DEBUG_RETURN(X) \ - ({ \ - __auto_type _ret = (X); \ - KRML_HOST_PRINTF("returning: "); \ - KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \ - KRML_HOST_PRINTF(" \n"); \ - _ret; \ - }) +#define KRML_DEBUG_RETURN(X) \ + ({ \ + __auto_type _ret = (X); \ + KRML_HOST_PRINTF("returning: "); \ + KRML_HOST_PRINTF(KRML_FORMAT(_ret), KRML_FORMAT_ARG(_ret)); \ + KRML_HOST_PRINTF(" \n"); \ + _ret; \ + }) #endif #endif diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index ec988f08c..df1a1d57f 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h @@ -16,7 +16,7 @@ * guidelines at https://gcc.gnu.org/onlinedocs/gcc/Inline.html and make this * __inline__ to ensure the code compiles with -std=c90 and earlier. */ #ifdef __GNUC__ -# define inline __inline__ +#define inline __inline__ #endif /******************************************************************************/ 
@@ -26,93 +26,92 @@ /* For "bare" targets that do not have a C stdlib, the user might want to use * [-add-early-include '"mydefinitions.h"'] and override these. */ #ifndef KRML_HOST_PRINTF -# define KRML_HOST_PRINTF printf +#define KRML_HOST_PRINTF printf #endif -#if \ - ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ - (defined(__cplusplus) && __cplusplus > 199711L)) && \ +#if ((defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ + (defined(__cplusplus) && __cplusplus > 199711L)) && \ (!defined(KRML_HOST_EPRINTF)) -# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) +#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) #elif !(defined KRML_HOST_EPRINTF) && defined(_MSC_VER) -# define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) +#define KRML_HOST_EPRINTF(...) fprintf(stderr, __VA_ARGS__) #endif #ifndef KRML_HOST_EXIT -# define KRML_HOST_EXIT exit +#define KRML_HOST_EXIT exit #endif #ifndef KRML_HOST_MALLOC -# define KRML_HOST_MALLOC malloc +#define KRML_HOST_MALLOC malloc #endif #ifndef KRML_HOST_CALLOC -# define KRML_HOST_CALLOC calloc +#define KRML_HOST_CALLOC calloc #endif #ifndef KRML_HOST_FREE -# define KRML_HOST_FREE free +#define KRML_HOST_FREE free #endif #ifndef KRML_HOST_IGNORE -# define KRML_HOST_IGNORE(x) (void)(x) +#define KRML_HOST_IGNORE(x) (void)(x) #endif #ifndef KRML_MAYBE_UNUSED_VAR -# define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x) +#define KRML_MAYBE_UNUSED_VAR(x) KRML_HOST_IGNORE(x) #endif #ifndef KRML_MAYBE_UNUSED -# if defined(__GNUC__) -# define KRML_MAYBE_UNUSED __attribute__((unused)) -# else -# define KRML_MAYBE_UNUSED -# endif +#if defined(__GNUC__) +#define KRML_MAYBE_UNUSED __attribute__((unused)) +#else +#define KRML_MAYBE_UNUSED +#endif #endif #ifndef KRML_NOINLINE -# if defined(_MSC_VER) -# define KRML_NOINLINE __declspec(noinline) -# elif defined (__GNUC__) -# define KRML_NOINLINE __attribute__((noinline,unused)) -# else -# define KRML_NOINLINE -# warning "The KRML_NOINLINE 
macro is not defined for this toolchain!" -# warning "The compiler may defeat side-channel resistance with optimizations." -# warning "Please locate target.h and try to fill it out with a suitable definition for this compiler." -# endif +#if defined(_MSC_VER) +#define KRML_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) +#define KRML_NOINLINE __attribute__((noinline, unused)) +#else +#define KRML_NOINLINE +#warning "The KRML_NOINLINE macro is not defined for this toolchain!" +#warning "The compiler may defeat side-channel resistance with optimizations." +#warning \ + "Please locate target.h and try to fill it out with a suitable definition for this compiler." +#endif #endif #ifndef KRML_PRE_ALIGN -# ifdef _MSC_VER -# define KRML_PRE_ALIGN(X) __declspec(align(X)) -# else -# define KRML_PRE_ALIGN(X) -# endif +#ifdef _MSC_VER +#define KRML_PRE_ALIGN(X) __declspec(align(X)) +#else +#define KRML_PRE_ALIGN(X) +#endif #endif #ifndef KRML_POST_ALIGN -# ifdef _MSC_VER -# define KRML_POST_ALIGN(X) -# else -# define KRML_POST_ALIGN(X) __attribute__((aligned(X))) -# endif +#ifdef _MSC_VER +#define KRML_POST_ALIGN(X) +#else +#define KRML_POST_ALIGN(X) __attribute__((aligned(X))) +#endif #endif /* MinGW-W64 does not support C11 aligned_alloc, but it supports * MSVC's _aligned_malloc. */ #ifndef KRML_ALIGNED_MALLOC -# ifdef __MINGW32__ -# include <_mingw.h> -# endif -# if ( \ - defined(_MSC_VER) || \ - (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) -# define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X) -# else -# define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y) -# endif +#ifdef __MINGW32__ +#include <_mingw.h> +#endif +#if (defined(_MSC_VER) || \ + (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) +#define KRML_ALIGNED_MALLOC(X, Y) _aligned_malloc(Y, X) +#else +#define KRML_ALIGNED_MALLOC(X, Y) aligned_alloc(X, Y) +#endif #endif /* Since aligned allocations with MinGW-W64 are done with 
@@ -120,28 +119,25 @@ * _aligned_free. */ #ifndef KRML_ALIGNED_FREE -# ifdef __MINGW32__ -# include <_mingw.h> -# endif -# if ( \ - defined(_MSC_VER) || \ - (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) -# define KRML_ALIGNED_FREE(X) _aligned_free(X) -# else -# define KRML_ALIGNED_FREE(X) free(X) -# endif +#ifdef __MINGW32__ +#include <_mingw.h> +#endif +#if (defined(_MSC_VER) || \ + (defined(__MINGW32__) && defined(__MINGW64_VERSION_MAJOR))) +#define KRML_ALIGNED_FREE(X) _aligned_free(X) +#else +#define KRML_ALIGNED_FREE(X) free(X) +#endif #endif #ifndef KRML_HOST_TIME -# include +#include /* Prims_nat not yet in scope */ -inline static int32_t krml_time(void) { - return (int32_t)time(NULL); -} +inline static int32_t krml_time(void) { return (int32_t)time(NULL); } -# define KRML_HOST_TIME krml_time +#define KRML_HOST_TIME krml_time #endif /* In statement position, exiting is easy. */ 
@@ -154,243 +150,243 @@ inline static int32_t krml_time(void) { /* In expression position, use the comma-operator and a malloc to return an * expression of the right size. KaRaMeL passes t as the parameter to the macro. */ -#define KRML_EABORT(t, msg) \ - (KRML_HOST_PRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \ +#define KRML_EABORT(t, msg) \ + (KRML_HOST_PRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, msg), \ KRML_HOST_EXIT(255), *((t *)KRML_HOST_MALLOC(sizeof(t)))) /* In FStar.Buffer.fst, the size of arrays is uint32_t, but it's a number of * *elements*. Do an ugly, run-time check (some of which KaRaMeL can eliminate). */ #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) -# define _KRML_CHECK_SIZE_PRAGMA \ - _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") +#define _KRML_CHECK_SIZE_PRAGMA \ + _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") #else -# define _KRML_CHECK_SIZE_PRAGMA -#endif - -#define KRML_CHECK_SIZE(size_elt, sz) \ - do { \ - _KRML_CHECK_SIZE_PRAGMA \ - if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \ - KRML_HOST_PRINTF( \ - "Maximum allocatable size exceeded, aborting before overflow at " \ - "%s:%d\n", \ - __FILE__, __LINE__); \ - KRML_HOST_EXIT(253); \ - } \ +#define _KRML_CHECK_SIZE_PRAGMA +#endif + +#define KRML_CHECK_SIZE(size_elt, sz) \ + do { \ + _KRML_CHECK_SIZE_PRAGMA \ + if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \ + KRML_HOST_PRINTF( \ + "Maximum allocatable size exceeded, aborting before overflow at " \ + "%s:%d\n", \ + __FILE__, __LINE__); \ + KRML_HOST_EXIT(253); \ + } \ } while (0) #if defined(_MSC_VER) && _MSC_VER < 1900 -# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \ - _snprintf_s(buf, sz, _TRUNCATE, fmt, arg) +#define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) \ + _snprintf_s(buf, sz, _TRUNCATE, fmt, arg) #else -# define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) snprintf(buf, sz, fmt, arg) +#define KRML_HOST_SNPRINTF(buf, sz, fmt, arg) 
snprintf(buf, sz, fmt, arg) #endif #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 4)) -# define KRML_DEPRECATED(x) __attribute__((deprecated(x))) +#define KRML_DEPRECATED(x) __attribute__((deprecated(x))) #elif defined(__GNUC__) /* deprecated attribute is not defined in GCC < 4.5. */ -# define KRML_DEPRECATED(x) +#define KRML_DEPRECATED(x) #elif defined(_MSC_VER) -# define KRML_DEPRECATED(x) __declspec(deprecated(x)) +#define KRML_DEPRECATED(x) __declspec(deprecated(x)) #endif /* Macros for prettier unrolling of loops */ -#define KRML_LOOP1(i, n, x) { \ - x \ - i += n; \ - (void) i; \ -} - -#define KRML_LOOP2(i, n, x) \ - KRML_LOOP1(i, n, x) \ +#define KRML_LOOP1(i, n, x) \ + { \ + x i += n; \ + (void)i; \ + } + +#define KRML_LOOP2(i, n, x) \ + KRML_LOOP1(i, n, x) \ KRML_LOOP1(i, n, x) -#define KRML_LOOP3(i, n, x) \ - KRML_LOOP2(i, n, x) \ +#define KRML_LOOP3(i, n, x) \ + KRML_LOOP2(i, n, x) \ KRML_LOOP1(i, n, x) -#define KRML_LOOP4(i, n, x) \ - KRML_LOOP2(i, n, x) \ +#define KRML_LOOP4(i, n, x) \ + KRML_LOOP2(i, n, x) \ KRML_LOOP2(i, n, x) -#define KRML_LOOP5(i, n, x) \ - KRML_LOOP4(i, n, x) \ +#define KRML_LOOP5(i, n, x) \ + KRML_LOOP4(i, n, x) \ KRML_LOOP1(i, n, x) -#define KRML_LOOP6(i, n, x) \ - KRML_LOOP4(i, n, x) \ +#define KRML_LOOP6(i, n, x) \ + KRML_LOOP4(i, n, x) \ KRML_LOOP2(i, n, x) -#define KRML_LOOP7(i, n, x) \ - KRML_LOOP4(i, n, x) \ +#define KRML_LOOP7(i, n, x) \ + KRML_LOOP4(i, n, x) \ KRML_LOOP3(i, n, x) -#define KRML_LOOP8(i, n, x) \ - KRML_LOOP4(i, n, x) \ +#define KRML_LOOP8(i, n, x) \ + KRML_LOOP4(i, n, x) \ KRML_LOOP4(i, n, x) -#define KRML_LOOP9(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP9(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP1(i, n, x) -#define KRML_LOOP10(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP10(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP2(i, n, x) -#define KRML_LOOP11(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP11(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP3(i, n, 
x) -#define KRML_LOOP12(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP12(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP4(i, n, x) -#define KRML_LOOP13(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP13(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP5(i, n, x) -#define KRML_LOOP14(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP14(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP6(i, n, x) -#define KRML_LOOP15(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP15(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP7(i, n, x) -#define KRML_LOOP16(i, n, x) \ - KRML_LOOP8(i, n, x) \ +#define KRML_LOOP16(i, n, x) \ + KRML_LOOP8(i, n, x) \ KRML_LOOP8(i, n, x) -#define KRML_LOOP24(i, n, x) \ - KRML_LOOP16(i, n, x) \ +#define KRML_LOOP24(i, n, x) \ + KRML_LOOP16(i, n, x) \ KRML_LOOP8(i, n, x) -#define KRML_UNROLL_FOR(i, z, n, k, x) \ - do { \ - uint32_t i = z; \ - KRML_LOOP##n(i, k, x) \ +#define KRML_UNROLL_FOR(i, z, n, k, x) \ + do { \ + uint32_t i = z; \ + KRML_LOOP##n(i, k, x) \ } while (0) -#define KRML_ACTUAL_FOR(i, z, n, k, x) \ - do { \ - for (uint32_t i = z; i < n; i += k) { \ - x \ - } \ +#define KRML_ACTUAL_FOR(i, z, n, k, x) \ + do { \ + for (uint32_t i = z; i < n; i += k) { \ + x \ + } \ } while (0) #ifndef KRML_UNROLL_MAX -# define KRML_UNROLL_MAX 24 +#define KRML_UNROLL_MAX 24 #endif /* 1 is the number of loop iterations, i.e. 
(n - z)/k as evaluated by krml */ #if 0 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR0(i, z, n, k, x) +#define KRML_MAYBE_FOR0(i, z, n, k, x) #else -# define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR0(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 1 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x) +#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 1, k, x) #else -# define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR1(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 2 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x) +#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 2, k, x) #else -# define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR2(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 3 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x) +#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 3, k, x) #else -# define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR3(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 4 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x) +#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 4, k, x) #else -# define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR4(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 5 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x) +#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 5, k, x) #else -# define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR5(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 6 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR6(i, z, n, k, x) 
KRML_UNROLL_FOR(i, z, 6, k, x) +#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 6, k, x) #else -# define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR6(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 7 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x) +#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 7, k, x) #else -# define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR7(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 8 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x) +#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 8, k, x) #else -# define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR8(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 9 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x) +#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 9, k, x) #else -# define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR9(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 10 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x) +#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 10, k, x) #else -# define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR10(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 11 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x) +#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 11, k, x) #else -# define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR11(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 12 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x) 
+#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 12, k, x) #else -# define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR12(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 13 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x) +#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 13, k, x) #else -# define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR13(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 14 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x) +#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 14, k, x) #else -# define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR14(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 15 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x) +#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 15, k, x) #else -# define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR15(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 16 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x) +#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 16, k, x) #else -# define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR16(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #if 24 <= KRML_UNROLL_MAX -# define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 24, k, x) +#define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_UNROLL_FOR(i, z, 24, k, x) #else -# define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) +#define KRML_MAYBE_FOR24(i, z, n, k, x) KRML_ACTUAL_FOR(i, z, n, k, x) #endif #endif 
diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h index e41b39be9..a41c64bc0 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h @@ -5,9 +5,9 @@ #define KRML_TYPES_H #include +#include #include #include -#include /* Types which are either abstract, meaning that have to be implemented in C, or * which are models, meaning that they are swapped out at compile-time for @@ -33,7 +33,8 @@ typedef FILE *FStar_IO_fd_read, *FStar_IO_fd_write; typedef void *FStar_Dyn_dyn; -typedef const char *C_String_t, *C_String_t_, *C_Compat_String_t, *C_Compat_String_t_; +typedef const char *C_String_t, *C_String_t_, *C_Compat_String_t, + *C_Compat_String_t_; typedef int exit_code; typedef FILE *channel; @@ -54,15 +55,12 @@ typedef const char *Prims_string; /* This code makes a number of assumptions and should be refined. In particular, * it assumes that: any non-MSVC amd64 compiler supports int128. Maybe it would * be easier to just test for defined(__SIZEOF_INT128__) only? */ -#if (defined(__x86_64__) || \ - defined(__x86_64) || \ - defined(__aarch64__) || \ - (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \ - defined(__s390x__) || \ - (defined(_MSC_VER) && defined(_M_X64) && defined(__clang__)) || \ - (defined(__mips__) && defined(__LP64__)) || \ - (defined(__riscv) && __riscv_xlen == 64) || \ - defined(__SIZEOF_INT128__)) +#if (defined(__x86_64__) || defined(__x86_64) || defined(__aarch64__) || \ + (defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)) || \ + defined(__s390x__) || \ + (defined(_MSC_VER) && defined(_M_X64) && defined(__clang__)) || \ + (defined(__mips__) && defined(__LP64__)) || \ + (defined(__riscv) && __riscv_xlen == 64) || defined(__SIZEOF_INT128__)) #define HAS_INT128 1 #endif 
@@ -70,7 +68,7 @@ typedef const char *Prims_string;
 * it, depending on the compiler and whether the user wants the verified
 * implementation or not. */
 #if !defined(KRML_VERIFIED_UINT128) && defined(IS_MSVC64)
-# include
+#include
 typedef __m128i FStar_UInt128_uint128;
 #elif !defined(KRML_VERIFIED_UINT128) && defined(HAS_INT128)
 typedef unsigned __int128 FStar_UInt128_uint128;
diff --git a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h
index 1aa2ccd64..3e92cdc8a 100644
--- a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h
+++ b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h
@@ -4,153 +4,156 @@ #ifndef __LOWSTAR_ENDIANNESS_H #define __LOWSTAR_ENDIANNESS_H -#include #include +#include /******************************************************************************/ /* Implementing C.fst (part 2: endian-ness macros) */ /******************************************************************************/ /* ... for Linux */ -#if defined(__linux__) || defined(__CYGWIN__) || defined (__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__) -# include +#if defined(__linux__) || defined(__CYGWIN__) || \ + defined(__USE_SYSTEM_ENDIAN_H__) || defined(__GLIBC__) +#include /* ... for OSX */ #elif defined(__APPLE__) -# include -# define htole64(x) OSSwapHostToLittleInt64(x) -# define le64toh(x) OSSwapLittleToHostInt64(x) -# define htobe64(x) OSSwapHostToBigInt64(x) -# define be64toh(x) OSSwapBigToHostInt64(x) - -# define htole16(x) OSSwapHostToLittleInt16(x) -# define le16toh(x) OSSwapLittleToHostInt16(x) -# define htobe16(x) OSSwapHostToBigInt16(x) -# define be16toh(x) OSSwapBigToHostInt16(x) - -# define htole32(x) OSSwapHostToLittleInt32(x) -# define le32toh(x) OSSwapLittleToHostInt32(x) -# define htobe32(x) OSSwapHostToBigInt32(x) -# define be32toh(x) OSSwapBigToHostInt32(x) +#include +#define htole64(x) OSSwapHostToLittleInt64(x) +#define le64toh(x) OSSwapLittleToHostInt64(x) +#define htobe64(x) OSSwapHostToBigInt64(x) +#define be64toh(x) OSSwapBigToHostInt64(x) + +#define htole16(x) OSSwapHostToLittleInt16(x) +#define le16toh(x) OSSwapLittleToHostInt16(x) +#define htobe16(x) OSSwapHostToBigInt16(x) +#define be16toh(x) OSSwapBigToHostInt16(x) + +#define htole32(x) OSSwapHostToLittleInt32(x) +#define le32toh(x) OSSwapLittleToHostInt32(x) +#define htobe32(x) OSSwapHostToBigInt32(x) +#define be32toh(x) OSSwapBigToHostInt32(x) /* ... 
for Solaris */ #elif defined(__sun__) -# include -# define htole64(x) LE_64(x) -# define le64toh(x) LE_64(x) -# define htobe64(x) BE_64(x) -# define be64toh(x) BE_64(x) - -# define htole16(x) LE_16(x) -# define le16toh(x) LE_16(x) -# define htobe16(x) BE_16(x) -# define be16toh(x) BE_16(x) - -# define htole32(x) LE_32(x) -# define le32toh(x) LE_32(x) -# define htobe32(x) BE_32(x) -# define be32toh(x) BE_32(x) +#include +#define htole64(x) LE_64(x) +#define le64toh(x) LE_64(x) +#define htobe64(x) BE_64(x) +#define be64toh(x) BE_64(x) + +#define htole16(x) LE_16(x) +#define le16toh(x) LE_16(x) +#define htobe16(x) BE_16(x) +#define be16toh(x) BE_16(x) + +#define htole32(x) LE_32(x) +#define le32toh(x) LE_32(x) +#define htobe32(x) BE_32(x) +#define be32toh(x) BE_32(x) /* ... for the BSDs */ #elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) -# include +#include #elif defined(__OpenBSD__) -# include +#include /* ... for Windows (MSVC)... not targeting XBOX 360! */ #elif defined(_MSC_VER) -# include -# define htobe16(x) _byteswap_ushort(x) -# define htole16(x) (x) -# define be16toh(x) _byteswap_ushort(x) -# define le16toh(x) (x) +#include +#define htobe16(x) _byteswap_ushort(x) +#define htole16(x) (x) +#define be16toh(x) _byteswap_ushort(x) +#define le16toh(x) (x) -# define htobe32(x) _byteswap_ulong(x) -# define htole32(x) (x) -# define be32toh(x) _byteswap_ulong(x) -# define le32toh(x) (x) +#define htobe32(x) _byteswap_ulong(x) +#define htole32(x) (x) +#define be32toh(x) _byteswap_ulong(x) +#define le32toh(x) (x) -# define htobe64(x) _byteswap_uint64(x) -# define htole64(x) (x) -# define be64toh(x) _byteswap_uint64(x) -# define le64toh(x) (x) +#define htobe64(x) _byteswap_uint64(x) +#define htole64(x) (x) +#define be64toh(x) _byteswap_uint64(x) +#define le64toh(x) (x) /* ... for Windows (GCC-like, e.g. 
mingw or clang) */ -#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \ +#elif (defined(_WIN32) || defined(_WIN64) || defined(__EMSCRIPTEN__)) && \ (defined(__GNUC__) || defined(__clang__)) -# define htobe16(x) __builtin_bswap16(x) -# define htole16(x) (x) -# define be16toh(x) __builtin_bswap16(x) -# define le16toh(x) (x) +#define htobe16(x) __builtin_bswap16(x) +#define htole16(x) (x) +#define be16toh(x) __builtin_bswap16(x) +#define le16toh(x) (x) -# define htobe32(x) __builtin_bswap32(x) -# define htole32(x) (x) -# define be32toh(x) __builtin_bswap32(x) -# define le32toh(x) (x) +#define htobe32(x) __builtin_bswap32(x) +#define htole32(x) (x) +#define be32toh(x) __builtin_bswap32(x) +#define le32toh(x) (x) -# define htobe64(x) __builtin_bswap64(x) -# define htole64(x) (x) -# define be64toh(x) __builtin_bswap64(x) -# define le64toh(x) (x) +#define htobe64(x) __builtin_bswap64(x) +#define htole64(x) (x) +#define be64toh(x) __builtin_bswap64(x) +#define le64toh(x) (x) /* ... generic big-endian fallback code */ -/* ... AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always big-endian */ -#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || defined(_AIX) +/* ... 
AIX doesn't have __BYTE_ORDER__ (with XLC compiler) & is always + * big-endian */ +#elif (defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) || \ + defined(_AIX) /* byte swapping code inspired by: * https://github.com/rweather/arduinolibs/blob/master/libraries/Crypto/utility/EndianUtil.h * */ -# define htobe32(x) (x) -# define be32toh(x) (x) -# define htole32(x) \ - (__extension__({ \ - uint32_t _temp = (x); \ - ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ - ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ - })) -# define le32toh(x) (htole32((x))) - -# define htobe64(x) (x) -# define be64toh(x) (x) -# define htole64(x) \ - (__extension__({ \ - uint64_t __temp = (x); \ - uint32_t __low = htobe32((uint32_t)__temp); \ - uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ - (((uint64_t)__low) << 32) | __high; \ - })) -# define le64toh(x) (htole64((x))) +#define htobe32(x) (x) +#define be32toh(x) (x) +#define htole32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +#define le32toh(x) (htole32((x))) + +#define htobe64(x) (x) +#define be64toh(x) (x) +#define htole64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +#define le64toh(x) (htole64((x))) /* ... 
generic little-endian fallback code */ #elif defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define htole32(x) (x) -# define le32toh(x) (x) -# define htobe32(x) \ - (__extension__({ \ - uint32_t _temp = (x); \ - ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ - ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ - })) -# define be32toh(x) (htobe32((x))) - -# define htole64(x) (x) -# define le64toh(x) (x) -# define htobe64(x) \ - (__extension__({ \ - uint64_t __temp = (x); \ - uint32_t __low = htobe32((uint32_t)__temp); \ - uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ - (((uint64_t)__low) << 32) | __high; \ - })) -# define be64toh(x) (htobe64((x))) +#define htole32(x) (x) +#define le32toh(x) (x) +#define htobe32(x) \ + (__extension__({ \ + uint32_t _temp = (x); \ + ((_temp >> 24) & 0x000000FF) | ((_temp >> 8) & 0x0000FF00) | \ + ((_temp << 8) & 0x00FF0000) | ((_temp << 24) & 0xFF000000); \ + })) +#define be32toh(x) (htobe32((x))) + +#define htole64(x) (x) +#define le64toh(x) (x) +#define htobe64(x) \ + (__extension__({ \ + uint64_t __temp = (x); \ + uint32_t __low = htobe32((uint32_t)__temp); \ + uint32_t __high = htobe32((uint32_t)(__temp >> 32)); \ + (((uint64_t)__low) << 32) | __high; \ + })) +#define be64toh(x) (htobe64((x))) /* ... couldn't determine endian-ness of the target platform */ #else -# error "Please define __BYTE_ORDER__!" +#error "Please define __BYTE_ORDER__!" #endif /* defined(__linux__) || ... */ 
@@ -175,17 +178,11 @@ inline static uint64_t load64(uint8_t *b) {
 return x;
 }
-inline static void store16(uint8_t *b, uint16_t i) {
- memcpy(b, &i, 2);
-}
+inline static void store16(uint8_t *b, uint16_t i) { memcpy(b, &i, 2); }
-inline static void store32(uint8_t *b, uint32_t i) {
- memcpy(b, &i, 4);
-}
+inline static void store32(uint8_t *b, uint32_t i) { memcpy(b, &i, 4); }
-inline static void store64(uint8_t *b, uint64_t i) {
- memcpy(b, &i, 8);
-}
+inline static void store64(uint8_t *b, uint64_t i) { memcpy(b, &i, 8); }
 /* Legacy accessors so that this header can serve as an implementation of
 * C.Endianness */
diff --git a/libcrux-ml-kem/c/karamel/include/krmllib.h b/libcrux-ml-kem/c/karamel/include/krmllib.h
index ae11e4a8d..80de5943f 100644
--- a/libcrux-ml-kem/c/karamel/include/krmllib.h
+++ b/libcrux-ml-kem/c/karamel/include/krmllib.h
@@ -16,13 +16,12 @@
 * argument "-bundle FStar.*"). You can then include the headers of your choice
 * one by one, using -add-early-include.
 */
-#include "krml/internal/target.h"
-#include "krml/internal/callconv.h"
+#include "krml/fstar_int.h"
 #include "krml/internal/builtin.h"
+#include "krml/internal/callconv.h"
 #include "krml/internal/debug.h"
+#include "krml/internal/target.h"
 #include "krml/internal/types.h"
-
 #include "krml/lowstar_endianness.h"
-#include "krml/fstar_int.h"
-#endif /* __KRMLLIB_H */
+#endif /* __KRMLLIB_H */
diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
index ecc90213c..1af0e8f6a 100644
--- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
+++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128.h
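Review bot: The include block in krmllib.h is now sorted alphabetically, which moves `krml/fstar_int.h` ahead of `krml/internal/target.h` and `krml/internal/types.h` and changes the order the original author chose; the comment just above the block says these headers are meant to be usable one at a time, so if any of them still relies on macros or typedefs from target.h or types.h without including them itself, the umbrella header now depends on the new order happening to work. If the previous order was intentional, fence the block with `// clang-format off` and `// clang-format on` (or set `SortIncludes: false` in the project's clang-format config) so the formatter cannot reorder it again. The same re-sorting appears in the include blocks of FStar_UInt128.h, FStar_UInt128_Verified.h, FStar_UInt_8_16_32_64.h and LowStar_Endianness.h further down, where `krml/internal/types.h` now follows `krml/internal/target.h`.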
@@ -3,67 +3,73 @@ Licensed under the Apache 2.0 License. */ - #ifndef __FStar_UInt128_H #define __FStar_UInt128_H #include #include + #include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" #include "krml/internal/target.h" +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" -static inline FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_add_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_add_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_sub_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_sub_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_logand( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 
a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_logxor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_logor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a); +static inline FStar_UInt128_uint128 FStar_UInt128_lognot( + FStar_UInt128_uint128 a); -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s); +static inline FStar_UInt128_uint128 FStar_UInt128_shift_left( + FStar_UInt128_uint128 a, uint32_t s); -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s); +static inline FStar_UInt128_uint128 FStar_UInt128_shift_right( + FStar_UInt128_uint128 a, uint32_t s); -static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 
FStar_UInt128_eq_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); -static inline FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); +static inline FStar_UInt128_uint128 FStar_UInt128_gte_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b); static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a); @@ -71,8 +77,8 @@ static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a); static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y); -static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y); - +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, + uint64_t y); #define __FStar_UInt128_H_DEFINED #endif diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h index 9e4e2290b..be291481a 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h +++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt128_Verified.h 
@@ -3,115 +3,104 @@ Licensed under the Apache 2.0 License. */ - #ifndef __FStar_UInt128_Verified_H #define __FStar_UInt128_Verified_H -#include "FStar_UInt_8_16_32_64.h" #include #include -#include "krml/internal/types.h" + +#include "FStar_UInt_8_16_32_64.h" #include "krml/internal/target.h" +#include "krml/internal/types.h" -static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) -{ +static inline uint64_t FStar_UInt128_constant_time_carry(uint64_t a, + uint64_t b) { return (a ^ ((a ^ b) | ((a - b) ^ b))) >> 63U; } -static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) -{ +static inline uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) { return FStar_UInt128_constant_time_carry(a, b); } -static inline FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low + b.low; lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_add_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low + b.low; lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_add_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low + b.low; lit.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 
FStar_UInt128_sub(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low - b.low; lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_sub_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low - b.low; lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_sub_mod_impl( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low - b.low; lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_sub_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { return FStar_UInt128_sub_mod_impl(a, b); } -static inline FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_logand( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low & b.low; lit.high = a.high & b.high; return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_logxor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low ^ b.low; lit.high = a.high ^ b.high; return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline 
FStar_UInt128_uint128 FStar_UInt128_logor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low | b.low; lit.high = a.high | b.high; return lit; } -static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_lognot( + FStar_UInt128_uint128 a) { FStar_UInt128_uint128 lit; lit.low = ~a.low; lit.high = ~a.high; @@ -120,26 +109,23 @@ static inline FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a static uint32_t FStar_UInt128_u32_64 = 64U; -static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) -{ +static inline uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, + uint64_t lo, + uint32_t s) { return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); } -static inline uint64_t -FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) -{ +static inline uint64_t FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, + uint64_t lo, + uint32_t s) { return FStar_UInt128_add_u64_shift_left(hi, lo, s); } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s == 0U) - { +static inline FStar_UInt128_uint128 FStar_UInt128_shift_left_small( + FStar_UInt128_uint128 a, uint32_t s) { + if (s == 0U) { return a; - } - else - { + } else { FStar_UInt128_uint128 lit; lit.low = a.low << s; lit.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); 
@@ -147,48 +133,40 @@ FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) } } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_shift_left_large( + FStar_UInt128_uint128 a, uint32_t s) { FStar_UInt128_uint128 lit; lit.low = 0ULL; lit.high = a.low << (s - FStar_UInt128_u32_64); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s < FStar_UInt128_u32_64) - { +static inline FStar_UInt128_uint128 FStar_UInt128_shift_left( + FStar_UInt128_uint128 a, uint32_t s) { + if (s < FStar_UInt128_u32_64) { return FStar_UInt128_shift_left_small(a, s); - } - else - { + } else { return FStar_UInt128_shift_left_large(a, s); } } -static inline uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) -{ +static inline uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, + uint64_t lo, + uint32_t s) { return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); } -static inline uint64_t -FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) -{ +static inline uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, + uint64_t lo, + uint32_t s) { return FStar_UInt128_add_u64_shift_right(hi, lo, s); } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s == 0U) - { +static inline FStar_UInt128_uint128 FStar_UInt128_shift_right_small( + FStar_UInt128_uint128 a, uint32_t s) { + if (s == 0U) { return a; - } - else - { + } else { FStar_UInt128_uint128 lit; lit.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); lit.high = a.high >> s; 
@@ -196,151 +174,137 @@ FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) } } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_shift_right_large( + FStar_UInt128_uint128 a, uint32_t s) { FStar_UInt128_uint128 lit; lit.low = a.high >> (s - FStar_UInt128_u32_64); lit.high = 0ULL; return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) -{ - if (s < FStar_UInt128_u32_64) - { +static inline FStar_UInt128_uint128 FStar_UInt128_shift_right( + FStar_UInt128_uint128 a, uint32_t s) { + if (s < FStar_UInt128_u32_64) { return FStar_UInt128_shift_right_small(a, s); - } - else - { + } else { return FStar_UInt128_shift_right_large(a, s); } } -static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline bool FStar_UInt128_eq(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.low == b.low && a.high == b.high; } -static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline bool FStar_UInt128_gt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high > b.high || (a.high == b.high && a.low > b.low); } -static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline bool FStar_UInt128_lt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high < b.high || (a.high == b.high && a.low < b.low); } -static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline bool FStar_UInt128_gte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high > b.high || (a.high == b.high && a.low >= b.low); } -static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline bool FStar_UInt128_lte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high < b.high 
|| (a.high == b.high && a.low <= b.low); } -static inline FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_eq_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; - lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.low = + FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = + FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); return lit; } -static inline FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_gte_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; - lit.low = - (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) - | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); - lit.high = - (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) - | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + lit.low = (FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high)) | + (FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low)); + lit.high = (FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high)) | + (FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low)); return lit; } -static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128( + uint64_t a) { FStar_UInt128_uint128 lit; lit.low = a; lit.high = 0ULL; return lit; } -static inline uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) -{ +static inline uint64_t 
FStar_UInt128_uint128_to_uint64( + FStar_UInt128_uint128 a) { return a.low; } -static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a) -{ +static inline uint64_t FStar_UInt128_u64_mod_32(uint64_t a) { return a & 0xffffffffULL; } static uint32_t FStar_UInt128_u32_32 = 32U; -static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) -{ +static inline uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) { return lo + (hi << FStar_UInt128_u32_32); } -static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, + uint32_t y) { FStar_UInt128_uint128 lit; - lit.low = - FStar_UInt128_u32_combine((x >> FStar_UInt128_u32_32) - * (uint64_t)y - + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), + lit.low = FStar_UInt128_u32_combine( + (x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); lit.high = - ((x >> FStar_UInt128_u32_32) - * (uint64_t)y - + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) - >> FStar_UInt128_u32_32; + ((x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32)) >> + FStar_UInt128_u32_32; return lit; } -static inline uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) -{ +static inline uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) { return lo + (hi << FStar_UInt128_u32_32); } -static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) -{ +static inline FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, + uint64_t y) { FStar_UInt128_uint128 lit; - lit.low = - FStar_UInt128_u32_combine_(FStar_UInt128_u64_mod_32(x) - * (y >> FStar_UInt128_u32_32) - + - FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + 
(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)), - FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y))); - lit.high = - (x >> FStar_UInt128_u32_32) - * (y >> FStar_UInt128_u32_32) - + - (((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32)) - >> FStar_UInt128_u32_32) - + - ((FStar_UInt128_u64_mod_32(x) - * (y >> FStar_UInt128_u32_32) - + - FStar_UInt128_u64_mod_32((x >> FStar_UInt128_u32_32) - * FStar_UInt128_u64_mod_32(y) - + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32))) - >> FStar_UInt128_u32_32); + lit.low = FStar_UInt128_u32_combine_( + FStar_UInt128_u64_mod_32(x) * (y >> FStar_UInt128_u32_32) + + FStar_UInt128_u64_mod_32( + (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32)), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * + FStar_UInt128_u64_mod_32(y))); + lit.high = (x >> FStar_UInt128_u32_32) * (y >> FStar_UInt128_u32_32) + + (((x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32)) >> + FStar_UInt128_u32_32) + + ((FStar_UInt128_u64_mod_32(x) * (y >> FStar_UInt128_u32_32) + + FStar_UInt128_u64_mod_32( + (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32))) >> + FStar_UInt128_u32_32); return lit; } - #define __FStar_UInt128_Verified_H_DEFINED #endif diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h index 56a2454fc..f0bb54dee 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h 
+++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/FStar_UInt_8_16_32_64.h @@ -3,16 +3,16 @@ Licensed under the Apache 2.0 License. */ - #ifndef __FStar_UInt_8_16_32_64_H #define __FStar_UInt_8_16_32_64_H #include #include + #include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" #include "krml/internal/target.h" +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" extern krml_checked_int_t FStar_UInt64_n; @@ -32,8 +32,7 @@ extern uint64_t FStar_UInt64_minus(uint64_t a); extern uint32_t FStar_UInt64_n_minus_one; -static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) -{ +static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) { uint64_t x = a ^ b; uint64_t minus_x = ~x + 1ULL; uint64_t x_or_minus_x = x | minus_x; @@ -41,8 +40,7 @@ static KRML_NOINLINE uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) return xnx - 1ULL; } -static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) -{ +static KRML_NOINLINE uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) { uint64_t x = a; uint64_t y = b; uint64_t x_xor_y = x ^ y; @@ -80,8 +78,7 @@ extern uint32_t FStar_UInt32_minus(uint32_t a); extern uint32_t FStar_UInt32_n_minus_one; -static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) -{ +static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) { uint32_t x = a ^ b; uint32_t minus_x = ~x + 1U; uint32_t x_or_minus_x = x | minus_x; @@ -89,8 +86,7 @@ static KRML_NOINLINE uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) return xnx - 1U; } -static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) -{ +static KRML_NOINLINE uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) { uint32_t x = a; uint32_t y = b; uint32_t x_xor_y = x ^ y; 
@@ -128,8 +124,7 @@ extern uint16_t FStar_UInt16_minus(uint16_t a); extern uint32_t FStar_UInt16_n_minus_one; -static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) -{ +static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) { uint16_t x = (uint32_t)a ^ (uint32_t)b; uint16_t minus_x = (uint32_t)~x + 1U; uint16_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; @@ -137,8 +132,7 @@ static KRML_NOINLINE uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) return (uint32_t)xnx - 1U; } -static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) -{ +static KRML_NOINLINE uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) { uint16_t x = a; uint16_t y = b; uint16_t x_xor_y = (uint32_t)x ^ (uint32_t)y; @@ -176,8 +170,7 @@ extern uint8_t FStar_UInt8_minus(uint8_t a); extern uint32_t FStar_UInt8_n_minus_one; -static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) -{ +static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) { uint8_t x = (uint32_t)a ^ (uint32_t)b; uint8_t minus_x = (uint32_t)~x + 1U; uint8_t x_or_minus_x = (uint32_t)x | (uint32_t)minus_x; @@ -185,8 +178,7 @@ static KRML_NOINLINE uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) return (uint32_t)xnx - 1U; } -static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) -{ +static KRML_NOINLINE uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) { uint8_t x = a; uint8_t y = b; uint8_t x_xor_y = (uint32_t)x ^ (uint32_t)y; @@ -208,6 +200,5 @@ extern uint8_t FStar_UInt8_of_string(Prims_string uu___); typedef uint8_t FStar_UInt8_byte; - #define __FStar_UInt_8_16_32_64_H_DEFINED #endif diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h index e851c15c9..8e2927582 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h +++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/LowStar_Endianness.h 
@@ -3,16 +3,16 @@ Licensed under the Apache 2.0 License. */ - #ifndef __LowStar_Endianness_H #define __LowStar_Endianness_H #include #include + #include "krml/internal/compat.h" -#include "krml/lowstar_endianness.h" -#include "krml/internal/types.h" #include "krml/internal/target.h" +#include "krml/internal/types.h" +#include "krml/lowstar_endianness.h" static inline void store128_le(uint8_t *x0, FStar_UInt128_uint128 x1); @@ -22,6 +22,5 @@ static inline void store128_be(uint8_t *x0, FStar_UInt128_uint128 x1); static inline FStar_UInt128_uint128 load128_be(uint8_t *x0); - #define __LowStar_Endianness_H_DEFINED #endif diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h index ae109004f..af97c9231 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h +++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_gcc64.h @@ -83,9 +83,7 @@ inline static uint128_t FStar_UInt128_logxor(uint128_t x, uint128_t y) { return x ^ y; } -inline static uint128_t FStar_UInt128_lognot(uint128_t x) { - return ~x; -} +inline static uint128_t FStar_UInt128_lognot(uint128_t x) { return ~x; } inline static uint128_t FStar_UInt128_shift_left(uint128_t x, uint32_t y) { return x << y; @@ -104,7 +102,7 @@ inline static uint64_t FStar_UInt128_uint128_to_uint64(uint128_t x) { } inline static uint128_t FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { - return ((uint128_t) x) * y; + return ((uint128_t)x) * y; } inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { 
@@ -115,19 +113,20 @@ inline static uint128_t FStar_UInt128_eq_mask(uint128_t x, uint128_t y) { } inline static uint128_t FStar_UInt128_gte_mask(uint128_t x, uint128_t y) { - uint64_t mask = - (FStar_UInt64_gte_mask(x >> 64, y >> 64) & - ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | - (FStar_UInt64_eq_mask(x >> 64, y >> 64) & FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y)); + uint64_t mask = (FStar_UInt64_gte_mask(x >> 64, y >> 64) & + ~(FStar_UInt64_eq_mask(x >> 64, y >> 64))) | + (FStar_UInt64_eq_mask(x >> 64, y >> 64) & + FStar_UInt64_gte_mask((uint64_t)x, (uint64_t)y)); return ((uint128_t)mask) << 64 | mask; } inline static uint64_t FStar_UInt128___proj__Mkuint128__item__low(uint128_t x) { - return (uint64_t) x; + return (uint64_t)x; } -inline static uint64_t FStar_UInt128___proj__Mkuint128__item__high(uint128_t x) { - return (uint64_t) (x >> 64); +inline static uint64_t FStar_UInt128___proj__Mkuint128__item__high( + uint128_t x) { + return (uint64_t)(x >> 64); } inline static uint128_t FStar_UInt128_add_underspec(uint128_t x, uint128_t y) { @@ -138,17 +137,11 @@ inline static uint128_t FStar_UInt128_sub_underspec(uint128_t x, uint128_t y) { return x - y; } -inline static bool FStar_UInt128_eq(uint128_t x, uint128_t y) { - return x == y; -} +inline static bool FStar_UInt128_eq(uint128_t x, uint128_t y) { return x == y; } -inline static bool FStar_UInt128_gt(uint128_t x, uint128_t y) { - return x > y; -} +inline static bool FStar_UInt128_gt(uint128_t x, uint128_t y) { return x > y; } -inline static bool FStar_UInt128_lt(uint128_t x, uint128_t y) { - return x < y; -} +inline static bool FStar_UInt128_lt(uint128_t x, uint128_t y) { return x < y; } inline static bool FStar_UInt128_gte(uint128_t x, uint128_t y) { return x >= y; 
@@ -159,7 +152,7 @@ inline static bool FStar_UInt128_lte(uint128_t x, uint128_t y) { } inline static uint128_t FStar_UInt128_mul32(uint64_t x, uint32_t y) { - return (uint128_t) x * (uint128_t) y; + return (uint128_t)x * (uint128_t)y; } #endif diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h index 6ff658f54..6ed2eeb41 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h +++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_msvc.h @@ -3,20 +3,22 @@ /* This file was generated by KaRaMeL * then hand-edited to use MSVC intrinsics KaRaMeL invocation: - * C:\users\barrybo\mitls2c\karamel\_build\src\Karamel.native -minimal -fnouint128 C:/users/barrybo/mitls2c/FStar/ulib/FStar.UInt128.fst -tmpdir ../secure_api/out/runtime_switch/uint128 -skip-compilation -add-include "krmllib0.h" -drop FStar.Int.Cast.Full -bundle FStar.UInt128=FStar.*,Prims - * F* version: 15104ff8 - * KaRaMeL version: 318b7fa8 + * C:\users\barrybo\mitls2c\karamel\_build\src\Karamel.native -minimal + * -fnouint128 C:/users/barrybo/mitls2c/FStar/ulib/FStar.UInt128.fst -tmpdir + * ../secure_api/out/runtime_switch/uint128 -skip-compilation -add-include + * "krmllib0.h" -drop FStar.Int.Cast.Full -bundle FStar.UInt128=FStar.*,Prims F* + * version: 15104ff8 KaRaMeL version: 318b7fa8 */ #ifndef FSTAR_UINT128_MSVC #define FSTAR_UINT128_MSVC -#include "krml/internal/types.h" #include "FStar_UInt128.h" #include "FStar_UInt_8_16_32_64.h" +#include "krml/internal/types.h" #ifndef _MSC_VER -# error This file only works with the MSVC compiler +#error This file only works with the MSVC compiler #endif /* JP: need to rip out HAS_OPTIMIZED since the header guards in types.h are now 
@@ -32,8 +34,8 @@ // Define .low and .high in terms of the __m128i fields, to reduce // the amount of churn in this file. #if HAS_OPTIMIZED -#include #include +#include #define low m128i_u64[0] #define high m128i_u64[1] #endif @@ -72,7 +74,8 @@ inline static void store128_be(uint8_t *b, uint128_t n) { store64_be(b + 8, n.low); } -inline static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, uint64_t b) { +inline static uint64_t FStar_UInt128_constant_time_carry(uint64_t a, + uint64_t b) { return (a ^ (a ^ b | a - b ^ b)) >> (uint32_t)63U; } @@ -80,14 +83,14 @@ inline static uint64_t FStar_UInt128_carry(uint64_t a, uint64_t b) { return FStar_UInt128_constant_time_carry(a, b); } -inline static FStar_UInt128_uint128 -FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED uint64_t l, h; unsigned char carry = - _addcarry_u64(0, a.low, b.low, &l); // low/CF = a.low+b.low+0 - _addcarry_u64(carry, a.high, b.high, &h); // high = a.high+b.high+CF + _addcarry_u64(0, a.low, b.low, &l); // low/CF = a.low+b.low+0 + _addcarry_u64(carry, a.high, b.high, &h); // high = a.high+b.high+CF return _mm_set_epi64x(h, l); #else FStar_UInt128_uint128 lit; @@ -97,8 +100,8 @@ FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_add_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return FStar_UInt128_add(a, b); #else 
@@ -109,8 +112,8 @@ FStar_UInt128_add_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_add_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return FStar_UInt128_add(a, b); #else @@ -121,8 +124,8 @@ FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED uint64_t l, h; @@ -137,8 +140,8 @@ FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_sub_underspec( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return FStar_UInt128_sub(a, b); #else @@ -149,16 +152,16 @@ FStar_UInt128_sub_underspec(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_sub_mod_impl( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { FStar_UInt128_uint128 lit; lit.low = a.low - b.low; lit.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); return lit; } -inline static FStar_UInt128_uint128 -FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_sub_mod( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return FStar_UInt128_sub(a, b); #else 
@@ -166,8 +169,8 @@ FStar_UInt128_sub_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_logand( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return _mm_and_si128(a, b); #else @@ -178,8 +181,8 @@ FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_logxor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return _mm_xor_si128(a, b); #else @@ -190,8 +193,8 @@ FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_logor( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED return _mm_or_si128(a, b); #else @@ -202,7 +205,8 @@ FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #endif } -inline static FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) { +inline static FStar_UInt128_uint128 FStar_UInt128_lognot( + FStar_UInt128_uint128 a) { #if HAS_OPTIMIZED return _mm_andnot_si128(a, a); #else 
@@ -215,18 +219,20 @@ inline static FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a static const uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; -inline static uint64_t -FStar_UInt128_add_u64_shift_left(uint64_t hi, uint64_t lo, uint32_t s) { +inline static uint64_t FStar_UInt128_add_u64_shift_left(uint64_t hi, + uint64_t lo, + uint32_t s) { return (hi << s) + (lo >> (FStar_UInt128_u32_64 - s)); } -inline static uint64_t -FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, uint64_t lo, uint32_t s) { +inline static uint64_t FStar_UInt128_add_u64_shift_left_respec(uint64_t hi, + uint64_t lo, + uint32_t s) { return FStar_UInt128_add_u64_shift_left(hi, lo, s); } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_left_small( + FStar_UInt128_uint128 a, uint32_t s) { if (s == (uint32_t)0U) return a; else { @@ -237,16 +243,16 @@ FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { } } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_left_large( + FStar_UInt128_uint128 a, uint32_t s) { FStar_UInt128_uint128 lit; lit.low = (uint64_t)0U; lit.high = a.low << (s - FStar_UInt128_u32_64); return lit; } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_left( + FStar_UInt128_uint128 a, uint32_t s) { #if HAS_OPTIMIZED if (s == 0) { return a; 
@@ -265,18 +271,20 @@ FStar_UInt128_shift_left(FStar_UInt128_uint128 a, uint32_t s) { #endif } -inline static uint64_t -FStar_UInt128_add_u64_shift_right(uint64_t hi, uint64_t lo, uint32_t s) { +inline static uint64_t FStar_UInt128_add_u64_shift_right(uint64_t hi, + uint64_t lo, + uint32_t s) { return (lo >> s) + (hi << (FStar_UInt128_u32_64 - s)); } -inline static uint64_t -FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, uint64_t lo, uint32_t s) { +inline static uint64_t FStar_UInt128_add_u64_shift_right_respec(uint64_t hi, + uint64_t lo, + uint32_t s) { return FStar_UInt128_add_u64_shift_right(hi, lo, s); } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_right_small( + FStar_UInt128_uint128 a, uint32_t s) { if (s == (uint32_t)0U) return a; else { @@ -287,16 +295,16 @@ FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { } } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_right_large( + FStar_UInt128_uint128 a, uint32_t s) { FStar_UInt128_uint128 lit; lit.low = a.high >> (s - FStar_UInt128_u32_64); lit.high = (uint64_t)0U; return lit; } -inline static FStar_UInt128_uint128 -FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) { +inline static FStar_UInt128_uint128 FStar_UInt128_shift_right( + FStar_UInt128_uint128 a, uint32_t s) { #if HAS_OPTIMIZED if (s == 0) { return a; 
@@ -315,28 +323,33 @@ FStar_UInt128_shift_right(FStar_UInt128_uint128 a, uint32_t s) { #endif } -inline static bool FStar_UInt128_eq(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static bool FStar_UInt128_eq(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.low == b.low && a.high == b.high; } -inline static bool FStar_UInt128_gt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static bool FStar_UInt128_gt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high > b.high || a.high == b.high && a.low > b.low; } -inline static bool FStar_UInt128_lt(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static bool FStar_UInt128_lt(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high < b.high || a.high == b.high && a.low < b.low; } -inline static bool FStar_UInt128_gte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static bool FStar_UInt128_gte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high > b.high || a.high == b.high && a.low >= b.low; } -inline static bool FStar_UInt128_lte(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static bool FStar_UInt128_lte(FStar_UInt128_uint128 a, + FStar_UInt128_uint128 b) { return a.high < b.high || a.high == b.high && a.low <= b.low; } -inline static FStar_UInt128_uint128 -FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_eq_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED // PCMPW to produce 4 32-bit values, all either 0x0 or 0xffffffff __m128i r32 = _mm_cmpeq_epi32(a, b); 
@@ -346,19 +359,21 @@ FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { __m128i ret64 = _mm_and_si128(r32, s32); // Swap the two 64-bit values to form s64 __m128i s64 = - _mm_shuffle_epi32(ret64, _MM_SHUFFLE(1, 0, 3, 2)); // 3,2,1,0 -> 1,0,3,2 + _mm_shuffle_epi32(ret64, _MM_SHUFFLE(1, 0, 3, 2)); // 3,2,1,0 -> 1,0,3,2 // And them together return _mm_and_si128(ret64, s64); #else FStar_UInt128_uint128 lit; - lit.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); - lit.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.low = + FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + lit.high = + FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); return lit; #endif } -inline static FStar_UInt128_uint128 -FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { +inline static FStar_UInt128_uint128 FStar_UInt128_gte_mask( + FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { #if HAS_OPTIMIZED && 0 // ge - compare 3,2,1,0 for >= and generating 0 or 0xffffffff for each // eq - compare 3,2,1,0 for == and generating 0 or 0xffffffff for each 
@@ -369,40 +384,41 @@ FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { __m128i ge = _mm_or_si128(gt, eq); __m128i ge0 = ge; __m128i eq0 = eq; - __m128i ge1 = _mm_srli_si128(ge, 4); // shift ge from 3,2,1,0 to 0x0,3,2,1 + __m128i ge1 = _mm_srli_si128(ge, 4); // shift ge from 3,2,1,0 to 0x0,3,2,1 __m128i t1 = _mm_and_si128(eq0, ge1); - __m128i ret = _mm_or_si128(ge, t1); // ge0 | (eq0 & ge1) is now in 0 - __m128i eq1 = _mm_srli_si128(eq, 4); // shift eq from 3,2,1,0 to 0x0,3,2,1 + __m128i ret = _mm_or_si128(ge, t1); // ge0 | (eq0 & ge1) is now in 0 + __m128i eq1 = _mm_srli_si128(eq, 4); // shift eq from 3,2,1,0 to 0x0,3,2,1 __m128i ge2 = - _mm_srli_si128(ge1, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,3,2 + _mm_srli_si128(ge1, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,3,2 __m128i t2 = - _mm_and_si128(eq0, _mm_and_si128(eq1, ge2)); // t2 = (eq0 & eq1 & ge2) + _mm_and_si128(eq0, _mm_and_si128(eq1, ge2)); // t2 = (eq0 & eq1 & ge2) ret = _mm_or_si128(ret, t2); - __m128i eq2 = _mm_srli_si128(eq1, 4); // shift eq from 3,2,1,0 to 0x0,00,00,3 - __m128i ge3 = - _mm_srli_si128(ge2, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,0x0,3 + __m128i eq2 = _mm_srli_si128(eq1, 4); // shift eq from 3,2,1,0 to 0x0,00,00,3 + __m128i ge3 = _mm_srli_si128( + ge2, 4); // shift original ge from 3,2,1,0 to 0x0,0x0,0x0,3 __m128i t3 = _mm_and_si128( eq0, _mm_and_si128( - eq1, _mm_and_si128(eq2, ge3))); // t3 = (eq0 & eq1 & eq2 & ge3) + eq1, _mm_and_si128(eq2, ge3))); // t3 = (eq0 & eq1 & eq2 & ge3) ret = _mm_or_si128(ret, t3); return _mm_shuffle_epi32( - ret, - _MM_SHUFFLE(0, 0, 0, 0)); // the result is in 0. Shuffle into all dwords. + ret, _MM_SHUFFLE(0, 0, 0, + 0)); // the result is in 0. Shuffle into all dwords. 
#else FStar_UInt128_uint128 lit; lit.low = FStar_UInt64_gte_mask(a.high, b.high) & + ~FStar_UInt64_eq_mask(a.high, b.high) | + FStar_UInt64_eq_mask(a.high, b.high) & + FStar_UInt64_gte_mask(a.low, b.low); + lit.high = FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high) | FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low); - lit.high = FStar_UInt64_gte_mask(a.high, b.high) & - ~FStar_UInt64_eq_mask(a.high, b.high) | - FStar_UInt64_eq_mask(a.high, b.high) & - FStar_UInt64_gte_mask(a.low, b.low); return lit; #endif } -inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) { +inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128( + uint64_t a) { #if HAS_OPTIMIZED return _mm_set_epi64x(0, a); #else @@ -413,7 +429,8 @@ inline static FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) #endif } -inline static uint64_t FStar_UInt128_uint128_to_uint64(FStar_UInt128_uint128 a) { +inline static uint64_t FStar_UInt128_uint128_to_uint64( + FStar_UInt128_uint128 a) { return a.low; } @@ -427,7 +444,8 @@ inline static uint64_t FStar_UInt128_u32_combine(uint64_t hi, uint64_t lo) { return lo + (hi << FStar_UInt128_u32_32); } -inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) { +inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, + uint32_t y) { #if HAS_OPTIMIZED uint64_t l, h; l = _umul128(x, (uint64_t)y, &h); 
@@ -435,14 +453,13 @@ inline static FStar_UInt128_uint128 FStar_UInt128_mul32(uint64_t x, uint32_t y) #else FStar_UInt128_uint128 lit; lit.low = FStar_UInt128_u32_combine( - (x >> FStar_UInt128_u32_32) * (uint64_t)y + - (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> - FStar_UInt128_u32_32), - FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); - lit.high = (x >> FStar_UInt128_u32_32) * (uint64_t)y + - (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> - FStar_UInt128_u32_32) >> - FStar_UInt128_u32_32; + (x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32), + FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * (uint64_t)y)); + lit.high = + (x >> FStar_UInt128_u32_32) * (uint64_t)y + + (FStar_UInt128_u64_mod_32(x) * (uint64_t)y >> FStar_UInt128_u32_32) >> + FStar_UInt128_u32_32; return lit; #endif } @@ -458,16 +475,15 @@ typedef struct K_quad_s { uint64_t f3; } K_quad; -inline static K_quad -FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { +inline static K_quad FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { K_quad tmp; tmp.fst = FStar_UInt128_u64_mod_32(x); - tmp.snd = FStar_UInt128_u64_mod_32( - FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); + tmp.snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * + FStar_UInt128_u64_mod_32(y)); tmp.thd = x >> FStar_UInt128_u32_32; tmp.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + - (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> - FStar_UInt128_u32_32); + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> + FStar_UInt128_u32_32); return tmp; } 
@@ -475,26 +491,25 @@ static uint64_t FStar_UInt128_u32_combine_(uint64_t hi, uint64_t lo) { return lo + (hi << FStar_UInt128_u32_32); } -inline static FStar_UInt128_uint128 -FStar_UInt128_mul_wide_impl(uint64_t x, uint64_t y) { - K_quad scrut = - FStar_UInt128_mul_wide_impl_t_(x, y); +inline static FStar_UInt128_uint128 FStar_UInt128_mul_wide_impl(uint64_t x, + uint64_t y) { + K_quad scrut = FStar_UInt128_mul_wide_impl_t_(x, y); uint64_t u1 = scrut.fst; uint64_t w3 = scrut.snd; uint64_t x_ = scrut.thd; uint64_t t_ = scrut.f3; FStar_UInt128_uint128 lit; lit.low = FStar_UInt128_u32_combine_( - u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), w3); + u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), w3); lit.high = - x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + - ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> - FStar_UInt128_u32_32); + x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> + FStar_UInt128_u32_32); return lit; } -inline static -FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, uint64_t y) { +inline static FStar_UInt128_uint128 FStar_UInt128_mul_wide(uint64_t x, + uint64_t y) { #if HAS_OPTIMIZED uint64_t l, h; l = _umul128(x, y, &h); diff --git a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h index e2b6d6285..3e2f8b667 100644 --- a/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h +++ b/libcrux-ml-kem/c/karamel/krmllib/dist/minimal/fstar_uint128_struct_endianness.h @@ -9,7 +9,7 @@ /* Access 64-bit fields within the int128. */ #define HIGH64_OF(x) ((x)->high) -#define LOW64_OF(x) ((x)->low) +#define LOW64_OF(x) ((x)->low) /* A series of definitions written using pointers. */ 
@@ -41,9 +41,7 @@ inline static uint128_t load128_le(uint8_t *b) { return r; } -inline static void store128_le(uint8_t *b, uint128_t n) { - store128_le_(b, &n); -} +inline static void store128_le(uint8_t *b, uint128_t n) { store128_le_(b, &n); } inline static uint128_t load128_be(uint8_t *b) { uint128_t r; @@ -51,17 +49,15 @@ inline static uint128_t load128_be(uint8_t *b) { return r; } -inline static void store128_be(uint8_t *b, uint128_t n) { - store128_be_(b, &n); -} +inline static void store128_be(uint8_t *b, uint128_t n) { store128_be_(b, &n); } #else /* !defined(KRML_STRUCT_PASSING) */ -# define print128 print128_ -# define load128_le load128_le_ -# define store128_le store128_le_ -# define load128_be load128_be_ -# define store128_be store128_be_ +#define print128 print128_ +#define load128_le load128_le_ +#define store128_le store128_le_ +#define load128_be load128_be_ +#define store128_be store128_be_ #endif /* KRML_STRUCT_PASSING */ diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index f6c56b762..038275130 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_core.h" 
@@ -255,6 +255,20 @@ void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } +void core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError self, + uint8_t ret[32U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[32U]; + memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 4a10fd36d..939357063 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_core_H @@ -128,11 +128,11 @@ typedef struct #define core_result_Err 1 typedef uint8_t - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags; typedef struct core_result_Result__uint8_t_8size_t__core_array_TryFromSliceError_s { - core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_tags tag; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; 
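Review bot: The new `core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError` introduces a process-terminating path into the library: on the `Err` arm it prints via `KRML_HOST_EPRINTF` and calls `KRML_HOST_EXIT(255U)`, which an embedding application cannot intercept or turn into an error return. Judging by the symbol name this is the lowering of an `unwrap()` on a `Result<[u8; 32], TryFromSliceError>`; the length is presumably fixed at the call site, so the branch is likely dead, but an abort path in extracted crypto code is still worth removing at the source. Since this file is generated, the fix belongs in the Rust: build the 32-byte array with an infallible copy instead of `try_into().unwrap()`, for example a 32-byte instance of the crate's own `into_padded_array` helper, whose 33- and 34-byte instances surround this hunk and lower to a plain `memcpy` with no exit path.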
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 091d617ba..3f01c2fb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 330eeb708..53226bb83 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem1024_avx2.h" 
@@ -30,6 +30,29 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -52,6 +75,32 @@ libcrux_ml_kem_mlkem1024_avx2_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -69,6 +118,24 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + static bool validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 937bd78b6..46859069c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_avx2_H 
@@ -14,19 +14,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index ffd996c1d..124af69e3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem1024_portable.h" 
@@ -30,6 +30,29 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ encapsulate___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, 
@@ -52,6 +75,32 @@ libcrux_ml_kem_mlkem1024_portable_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -69,6 +118,24 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uu____0); +} + static bool validate_public_key___4size_t_1536size_t_1568size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 3b49e57f7..37270ba49 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem1024_portable_H 
@@ -14,19 +14,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1568size_t__ libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1568size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a09186c6e..842a6cc17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 309f22ab9..293986592 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem512_avx2.h" 
@@ -30,6 +30,29 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -52,6 +75,32 @@ libcrux_ml_kem_mlkem512_avx2_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { 
@@ -69,6 +118,24 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + static bool validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 5bcdac6ee..d2ecdbf1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_avx2_H 
@@ -14,20 +14,37 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 45737a6f8..090f36dd7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem512_portable.h" 
@@ -30,6 +30,29 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ encapsulate___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, 
@@ -52,6 +75,32 @@ libcrux_ml_kem_mlkem512_portable_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t generate_keypair___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( uint8_t randomness[64U]) { 
@@ -69,6 +118,24 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uu____0); +} + static bool validate_public_key___2size_t_768size_t_800size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index fbebb1cf3..cfed4cb9a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem512_portable_H 
@@ -14,20 +14,37 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_types_MlKemKeyPair____1632size_t__800size_t libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___800size_t__ libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____800size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9d07cb859..3ccbc38fd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 646b8d5f8..628bb4af4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem768_avx2.h" 
@@ -28,6 +28,27 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -50,6 +71,32 @@ libcrux_ml_kem_mlkem768_avx2_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -67,6 +114,24 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + static bool validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 8f28e37aa..4f48cfd27 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_avx2_H 
@@ -14,19 +14,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_avx2.h" void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index aa3d257dc..7ecfe1725 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_mlkem768_portable.h" 
@@ -28,6 +28,27 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +static void +decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + key_pair, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t ret0[32U]; + decapsulate_unpacked___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + private_key, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ encapsulate___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, 
@@ -50,6 +71,32 @@ libcrux_ml_kem_mlkem768_portable_encapsulate( uu____0, uu____1); } +static K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____0, uu____1); +} + static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( uint8_t randomness[64U]) { 
@@ -67,6 +114,24 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uu____0); } +static libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uu____0); +} + static bool validate_public_key___3size_t_1152size_t_1184size_t( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 616e4a96c..f761bbb56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem768_portable_H 
@@ -14,19 +14,35 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]); +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t randomness[32U]); + libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( + uint8_t randomness[64U]); + core_option_Option__libcrux_ml_kem_types_MlKemPublicKey___1184size_t__ libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey____1184size_t public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 1b7ff58b3..adc579e49 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1672,7 +1672,7 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[3U], + *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for ( @@ -1710,7 +1710,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
@@ -1718,16 +1718,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1152U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -1749,12 +1742,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( uu____0, 
@@ -1765,6 +1753,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__; + static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( @@ -2551,8 +2547,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); 
@@ -2561,12 +2557,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; @@ -2602,6 +2598,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[3U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[3U]; memcpy( 
@@ -2609,26 +2611,75 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[3U]; + uu____5[3U][3U]; + memcpy( + uu____5, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +clone__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); return lit; } 
@@ -2640,6 +2691,122 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + 
closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = clone__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[3U][3U]; + memcpy( + uu____2, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t_1184size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + 
serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1152size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -2741,51 +2908,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -3513,23 +3635,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -3573,7 +3682,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[3U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3582,7 +3691,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[3U]; 
@@ -3606,43 +3715,22 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -static inline void -kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( - Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *public_key, uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - uint8_t ret[32U]; - H___3size_t( - 
Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice), - ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; G___3size_t( 
@@ -3655,25 +3743,23 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( - public_key), - uint8_t, Eurydice_slice); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____2 = &public_key->ind_cpa_public_key; uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uu____4); - uint8_t shared_secret_array[32U]; - kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( - shared_secret, shared_secret_array); - 
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; 
@@ -3682,48 +3768,234 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib return lit; } -static inline core_core_arch_x86___m256i -decompress_ciphertext_coefficient___10int32_t( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, 
decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static 
void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[3U][3U]; + memcpy( + uu____1, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [3U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____3 = &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + 
entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___3size_t( + Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1184size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, 
ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline core_core_arch_x86___m256i +decompress_ciphertext_coefficient___10int32_t( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 
= + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); core_core_arch_x86___m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, core_core_arch_x86___m256i); 
@@ -4111,94 +4383,36 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Ve } static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); +subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *self, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + b) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( + b.coefficients[i0], (int16_t)1441); core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( + self->coefficients[i0], &coefficient_normal_form)); + b.coefficients[i0] = uu____0; } - 
return re; + return b; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - Eurydice_slice secret_key, +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[3U]) { + *v, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -subtract_reduce__libcrux_ml_kem_vector_avx2_SIMD256Vector( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *self, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___montgomery_multiply_by_constant( - b.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i uu____0 = - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___barrett_reduce( - libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___sub( - self->coefficients[i0], &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *v, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + result = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4242,8 +4456,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[3U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_10size_t( @@ -4253,14 +4469,10 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_1 Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( message, ret0); 
@@ -4276,6 +4488,162 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array___1120size_t( + Eurydice_array_to_slice((size_t)32U, + 
key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
+deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + re = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + core_core_arch_x86___m256i uu____0 = + libcrux_ml_kem_vector_avx2___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__avx2__SIMD256Vector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + 
deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -4406,7 +4774,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1568 static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[4U], + *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for ( @@ -4444,7 +4812,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -4452,16 +4820,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[1536U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), 
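Review bot: The new `*key` parameter of serialize_secret_key__..._4size_t_1536size_t drops the `[4U]` length that the old `key[4U]` signature advertised, so the prototype no longer tells a C caller how many ring elements must be readable behind the pointer. This file is Eurydice output, so the real fix presumably sits in the Rust signature, but at minimum a comment such as `/* key: K = 4 ring elements in NTT form */` next to the parameter would keep the contract visible; the same applies to `*t_as_ntt` in the serialize_public_key hunk on this line. The function body continues outside the hunk.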
@@ -4483,12 +4844,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( uu____0, @@ -4499,6 +4855,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__; + static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -4952,8 +5316,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); @@ -4962,12 +5326,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; 
@@ -5003,6 +5367,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[4U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[4U]; memcpy( 
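Review bot: The added `unwrap` that turns `seed_for_A0` into the 32-byte `seed_for_A` array carries no comment explaining why this panic path is unreachable, which is exactly where a reader of generated C will stop. It cannot fail because `seed_for_A0` is the first half of the 64-byte `hashed` buffer split at `(size_t)32U` in the preceding hunk, so a one-liner above the `Eurydice_slice_to_array2` call, e.g. `/* infallible: seed_for_A0 is exactly 32 bytes (first half of G's 64-byte output) */`, would document the invariant. The enclosing generate_keypair_unpacked function begins and ends outside this hunk.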
@@ -5010,27 +5380,62 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[4U]; + uu____5[4U][4U]; + memcpy( + uu____5, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + 
__libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); - return lit; } static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { 
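Review bot: `pk.A` is filled (via `uu____5`) from `A_transpose`, the matrix that the hunk above samples with `sample_matrix_A(ret, true, A_transpose)`, so the `IndCpaPublicKeyUnpacked` returned here stores A in the key-generation orientation, while `encrypt_unpacked` later in this patch passes `public_key->A` straight to compute_vector_u, where the old encrypt used a matrix sampled with `transpose = false`. A caller that encrypts with the struct exactly as returned from this function would therefore use the transposed matrix; the CCA-level keypair function appears to compensate with an explicit transpose loop, which leaves the meaning of the `A` field depending on which function last touched it. I would either do the transpose inside this function so the field always has the encryption orientation, or document it on the field in the Rust `IndCpaPublicKeyUnpacked` definition (this file is generated), e.g. `// A is stored in keygen (transposed) orientation until ind_cca::generate_keypair_unpacked re-orients it`. The function starts outside this hunk.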
@@ -5041,18 +5446,134 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -static inline void -serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice( - (size_t)3168U, uu____0, +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + 
ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = clone__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[4U][4U]; + memcpy( + uu____2, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + 
core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + sk = uu____0.fst; + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t_1568size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1536size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +static inline void +serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice( + (size_t)3168U, uu____0, (CLITERAL(core_ops_range_Range__size_t){ .start = uu____1, .end = uu____2 + 
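Review bot: Both new functions in this hunk leave unwiped copies of secret material on the stack: generate_keypair_unpacked stages the 32-byte implicit rejection value in `implicit_rejection_value`, `uu____4` and `uu____5` before it lands in `lit`, and the packed generate_keypair wrapper copies the whole `sk` struct out of `uu____0` by value and then stages `secret_key_serialized` in `uu____1` before the final memcpy into `lit.fst`, with no clearing of any intermediate. The removed code had the same pattern for the serialized key, but the by-value struct plumbing adds further stale copies of `secret_as_ntt`. If libcrux does not intend to zeroize on the Rust side (e.g. a `Drop`/`Zeroize` impl on the unpacked types), that should at least be stated in a doc comment on `libcrux_ml_kem_ind_cca_generate_keypair_unpacked…`, e.g. `/* Returned key pair holds the unpacked secret key in plain memory; the caller is responsible for wiping it and the 64-byte randomness input. */`. Both functions are complete within this hunk.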
@@ -5142,51 +5663,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline 
__libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -5433,23 +5909,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -5493,7 +5956,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[4U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5502,7 +5965,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[4U]; 
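Review bot: encrypt_unpacked now consumes `public_key->t_as_ntt` and `public_key->A` as given, whereas the removed lines of the first hunk ran the packed key through `deserialize_ring_elements_reduced` before use, so whatever coefficient normalisation that decoder provided has silently become a precondition on whoever fills the `IndCpaPublicKeyUnpacked` struct. The packed `encrypt` wrapper later in this patch still goes through the reduced decoder, but an unpacked key arriving by any other route gets no check here. I would record this on the function, e.g. `/* Precondition: public_key->t_as_ntt holds reduced coefficients (as produced by deserialize_to_reduced_ring_element or keygen) and public_key->A is in the orientation compute_vector_u expects; nothing is validated here. */`. The function body continues past the end of the first hunk.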
@@ -5526,6 +5989,169 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____2 = &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, 
uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[4U][4U]; + memcpy( + uu____1, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [4U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____3 = &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + 
static inline void kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { 
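Review bot: The new public `libcrux_ml_kem_ind_cca_encapsulate_unpacked…` trusts every field of the `MlKemPublicKeyUnpacked` it is handed: `public_key->public_key_hash` is copied straight into the G input and `&public_key->ind_cpa_public_key` goes straight to encrypt_unpacked, with no counterpart to the `validate_public_key` check that this file applies to the packed encoding. As long as the only producer of this struct is the library's own keypair generation that is fine, but the type appears in a public signature, so a caller that fills it from peer-supplied bytes would bypass the check and could also pair a mismatched `public_key_hash` with the key. Please state the contract on the function, e.g. `/* public_key must come from libcrux's own generate_keypair_unpacked (or a validating unpack routine); its fields, including public_key_hash, are not checked here. */`, or add an unpacked variant of validate_public_key. The function is complete within the hunk.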
@@ -5688,43 +6314,8 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Ve return uu____0; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector -compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector +compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector *v, 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5747,8 +6338,10 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[4U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_11size_t( @@ -5758,14 +6351,10 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_ Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( message, ret0); 
@@ -5781,6 +6370,140 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t( + Eurydice_array_to_slice((size_t)32U, + 
key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + Eurydice_slice 
secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -5912,7 +6635,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_800s static inline void serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - key[2U], + *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for ( @@ -5950,7 +6673,7 @@ serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t static inline void serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
@@ -5958,16 +6681,9 @@ serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); uint8_t ret0[768U]; serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5989,12 +6705,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( uu____0, 
@@ -6005,6 +6716,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_avx2_SIMD (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__; + static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( @@ -6451,8 +7170,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); 
@@ -6461,12 +7180,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; @@ -6502,6 +7221,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f t_as_ntt[2U]; compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____4[2U]; memcpy( 
@@ -6509,27 +7234,62 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____5[2U]; + uu____5[2U][2U]; + memcpy( + uu____5, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + return (CLITERAL( + 
__libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + memcpy( + ret, ret0, (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; } static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -6540,6 +7300,122 @@ static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + 
closure__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1 = clone__libcrux_ml_kem_vector_avx2_SIMD256Vector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____2[2U][2U]; + memcpy( + uu____2, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + uint8_t pk_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_avx2_SIMD256Vector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_3size_t_192size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + sk = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_800size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + 
serialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -6641,51 +7517,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t 
ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; @@ -6910,23 +7741,10 @@ compress_then_serialize_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_640s } static void -encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -6970,7 +7788,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u[2U]; compute_vector_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6979,7 +7797,7 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector v = compute_ring_element_v__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector uu____5[2U]; 
@@ -7003,6 +7821,169 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____2 = &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, 
uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + 
core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____1[2U][2U]; + memcpy( + uu____1, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + [2U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____3 = &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + 
static inline void kdf__libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { @@ -7124,41 +8105,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7183,8 +8129,10 @@ compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( } static void -decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector u_as_ntt[2U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_10size_t( @@ -7194,14 +8142,10 @@ decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10 Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector message = compute_message__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_avx2_SIMD256Vector( message, ret0); 
@@ -7217,6 +8161,140 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *key_pair, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t( + Eurydice_array_to_slice((size_t)32U, + 
key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + Eurydice_slice 
secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO__libcrux_ml_kem_vector_avx2_SIMD256Vector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_avx2_SIMD256Vector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); +} + +static void +decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 85da9edbf..2cc91d98e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem_avx2_H 
@@ -286,6 +286,117 @@ typedef struct core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[3U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[3U][3U]; +} libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t_s { + 
libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[4U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[4U][4U]; +} libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef 
struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + secret_as_ntt[2U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector + A[2U][2U]; +} libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} 
libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_avx2_SIMD256Vector__2size_t; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index fadddd5b1..ef37ae7bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_mlkem_portable.h" @@ -2440,7 +2440,7 @@ serialize_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_ static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - key[4U], + *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for ( 
@@ -2478,7 +2478,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ static inline void serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[4U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( @@ -2486,16 +2486,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1536U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____1[4U]; - memcpy( - uu____1, t_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1536U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2517,12 +2510,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0[4U]; - memcpy( - uu____0, deserialized_pk, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( uu____0, 
@@ -2533,6 +2521,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__; + static inline void G___4size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -3309,8 +3305,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4si libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 -generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___4size_t(key_generation_seed, hashed); @@ -3319,12 +3315,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; 
@@ -3360,6 +3356,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc t_as_ntt[4U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[4U]; memcpy( 
@@ -3367,26 +3369,79 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t public_key_serialized[1568U]; - serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____5[4U]; + uu____5[4U][4U]; + memcpy( + uu____5, A_transpose, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1536U]; - memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____7[1568U]; - memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret0[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + memcpy( + ret, ret0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +clone__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + *self) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); return lit; } 
@@ -3398,6 +3453,123 @@ static inline void H___4size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[4U][4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, 
(size_t)4U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_3168size_t_1568size_t_1536size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1 = + clone__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____2[4U][4U]; + memcpy( + uu____2, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___4size_t(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___4size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + sk = uu____0.fst; + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t_1568size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1536size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
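Review bot: The two nested `KRML_MAYBE_FOR4` loops in `libcrux_ml_kem_ind_cca_generate_keypair_unpacked…` silently rewrite `ind_cpa_public_key.A` as its transpose, and nothing in the function says why the matrix produced by `generate_keypair_unpacked…` has to be flipped before it is stored in the unpacked public key. A reader comparing this with `encrypt_unpacked…`, which hands `public_key->A` straight to `compute_vector_u…`, has to infer that key generation sampled A in the opposite orientation from the one encryption consumes; the sampling flag that fixes that orientation is outside this hunk, so please confirm. Suggest a comment above the loop pair: `/* Key generation samples A transposed; encrypt_unpacked consumes A in the orientation that sample_matrix_A(seed, false, ...) yields, so flip it once here instead of on every encapsulation. */`. Also note that the generated temporaries `uu____3`, `uu____4` and `uu____5` leave extra stack copies of the IND-CPA secret and the implicit-rejection value behind without clearing them; that is a property of the extraction rather than of this change, but the public documentation of the unpacked key type should state that the struct is plain data whose zeroization is the caller's responsibility.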
@@ -3499,52 +3671,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - deserialized_pk[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * - sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t__uint8_t sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_128size_t_2size_t( uint8_t prf_input[33U], uint8_t domain_separator) { 
@@ -4123,23 +4249,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_ty } static void -encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[4U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - A_transpose[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
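Review bot: The new `encrypt_unpacked…` no longer performs the coefficient reduction that the removed `deserialize_ring_elements_reduced…` call applied to `t_as_ntt`, so correctness now rests on an undocumented precondition that `public_key->t_as_ntt` is already reduced and that `public_key->A` is in the orientation the old local `A_transpose` (sampled with the `false` flag) had. The packed path still meets both because its wrapper goes through the same deserialization and sampling, but any caller that fills an `IndCpaPublicKeyUnpacked` struct by other means gets no check. Suggest a comment on the signature: `/* Precondition: public_key->t_as_ntt holds reduced coefficients and public_key->A is oriented as sample_matrix_A(seed, false, ...) produces it; the unpacked API does no validation here. */`. The body of `encrypt_unpacked…` continues past the end of this hunk.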
@@ -4183,7 +4296,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[4U]; compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4192,7 +4305,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[4U]; 
@@ -4216,43 +4329,22 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } -static inline void -kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( - Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ -libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( - libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *public_key, uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, 
to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - uint8_t ret[32U]; - H___4size_t( - Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice), - ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; G___4size_t( 
@@ -4265,25 +4357,23 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_P K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, - libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( - public_key), - uint8_t, Eurydice_slice); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____2 = &public_key->ind_cpa_public_key; uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uu____4); - uint8_t shared_secret_array[32U]; - 
kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( - shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; 
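Review bot: `libcrux_ml_kem_ind_cca_encapsulate_unpacked…` copies `public_key->public_key_hash` into the G input instead of recomputing `H(pk)` as the packed version did, so the Fujisaki–Okamoto binding of the shared secret to the public key is only as good as the caller's guarantee that `public_key_hash` was derived from the same `ind_cpa_public_key` that is then passed to `encrypt_unpacked…`; a stale or mismatched hash is not detectable here. That invariant deserves a comment at the top of the function, e.g. `/* Trusts public_key->public_key_hash == H(serialized pk); no validation is done on an unpacked key. */`. Separately, this function also drops the `entropy_preprocess…` and `kdf…` steps that the packed `encapsulate…` still performs; both are identity copies for this variant, and the unpacked symbol carries no `MlKem`/variant parameter in its name, which suggests the unpacked API is ML-KEM-only by construction — worth stating in its documentation so nobody reuses it for a variant where those steps are not the identity.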
@@ -4292,35 +4382,222 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_P return lit; } -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient___10int32_t( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - int32_t decompressed = (int32_t)v.elements[i0] * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); - decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); - v.elements[i0] = (int16_t)decompressed; - } - return v; -} - -static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient___10int32_t0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient___10int32_t(v); +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector -deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - Eurydice_slice serialized) { +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[4U]) { 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + deserialized_pk[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[4U]; + 
deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1536size_t_4size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1[4U][4U]; + memcpy( + uu____1, A, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [4U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____3 = &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +static inline void +kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + Eurydice_slice shared_secret, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( 
+ Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H___4size_t( + Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, + libcrux_ml_kem_types__libcrux_ml_kem__types__MlKemPublicKey_SIZE__18__as_slice___1568size_t( + public_key), + uint8_t, Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); 
+ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( + uu____4); + uint8_t shared_secret_array[32U]; + kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t( + shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1568size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +decompress_ciphertext_coefficient___10int32_t( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + int32_t decompressed = (int32_t)v.elements[i0] * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + decompressed = (decompressed << 1U) + ((int32_t)1 << (uint32_t)(int32_t)10); + decompressed = decompressed >> (uint32_t)((int32_t)10 + (int32_t)1); + v.elements[i0] = (int16_t)decompressed; + } + return v; +} + +static libcrux_ml_kem_vector_portable_vector_type_PortableVector +decompress_ciphertext_coefficient___10int32_t0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return decompress_ciphertext_coefficient___10int32_t(v); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_then_decompress_10__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice( 
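Review bot: The new packed `encrypt…` wrapper materialises the 4×4 matrix `A` on the stack, copies it into `uu____1`, and copies it again into `public_key_unpacked.A`, with `t_as_ntt` likewise duplicated into `uu____0`, before the whole struct is passed by pointer to `encrypt_unpacked…`. If a `PortableVector` is 16 × `int16_t` as the `elements`/`FIELD_ELEMENTS_IN_VECTOR` usage in the decompress helper suggests, each copy of `A` is on the order of 8 KiB, so this frame carries roughly three such copies in addition to the callee's frame; that may matter for the embedded targets a portable build is meant to serve. The copies come from pass-by-value temporaries in the extraction rather than from hand-written code, so the fix belongs in the Rust source (building the `IndCpaPublicKeyUnpacked` in place instead of through intermediate arrays) or in the extraction toolchain; a short comment above `public_key_unpacked` noting `/* three stack copies of A here; see the Rust source for the intended single construction */` would at least flag it for the next pass. The remaining functions in this hunk are moved code and do not change behaviour.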
@@ -4567,65 +4844,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vecto return uu____0; } -static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector -deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice( - serialized, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( - bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[4U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( 
- secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector subtract_reduce__libcrux_ml_kem_vector_portable_vector_type_PortableVector( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4706,8 +4924,10 @@ compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_Port } static void -decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[4U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_11size_t( 
@@ -4717,14 +4937,10 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568s Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[4U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); 
@@ -4740,23 +4956,181 @@ static inline void PRF___4size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( - libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + 
libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___4size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array___1600size_t( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___4size_t_32size_t( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, 
(size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector +deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + re = ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice( + serialized, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * (size_t)24U, .end = i0 * (size_t)24U + (size_t)24U}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + 
libcrux_ml_kem_vector_portable___libcrux_ml_kem__vector__traits__Operations_for_libcrux_ml_kem__vector__portable__vector_type__PortableVector___deserialize_12( + bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___libcrux_ml_kem_ind_cca_MlKem_4size_t_3168size_t_1536size_t_1568size_t_1568size_t_1536size_t_1408size_t_160size_t_11size_t_5size_t_352size_t_2size_t_128size_t_2size_t_128size_t_1600size_t( + libcrux_ml_kem_types_MlKemPrivateKey____3168size_t *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + 
K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = core_slice___Slice_T___split_at( @@ -4872,7 +5246,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_Po static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - key[2U], + *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for ( @@ -4910,7 +5284,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ static inline void serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[2U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
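Review bot: `decapsulate_unpacked` takes `key_pair->public_key.public_key_hash` and `key_pair->public_key.ind_cpa_public_key.A` on trust — nothing in the new function checks that the stored hash equals H of `serialize_public_key(t_as_ntt, seed_for_A)` or that `A` was expanded from `seed_for_A`, whereas the removed packed `encrypt` re-expanded `A` from the seed inside the public-key bytes on every call. Since `MlKemKeyPairUnpacked` is a plain struct that a caller can fill in or unmarshal, an inconsistent hash silently yields a shared secret that differs from the encapsulator's, and an inconsistent `A` makes the re-encryption comparison fail for every ciphertext and forces implicit rejection. Either document on the type that an unpacked key pair must originate from `generate_keypair_unpacked` (or from a checked conversion), or add a validation entry point mirroring `validate_public_key` that recomputes the hash and `A` from the seed before use. As a smaller point, `decrypted`, `to_hash0` and `hashed` (holding m', K' and r') are stack buffers that are not cleared before return; because this file is Eurydice-extracted C, that would have to be addressed in the Rust source rather than here.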
@@ -4918,16 +5292,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)768U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____1[2U]; - memcpy( - uu____1, t_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[768U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -4949,12 +5316,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0[2U]; - memcpy( - uu____0, deserialized_pk, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( uu____0, 
@@ -4965,6 +5327,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__; + static inline void G___2size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -5398,8 +5768,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2si libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair512 -generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___2size_t(key_generation_seed, hashed); @@ -5408,12 +5778,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; 
@@ -5449,6 +5819,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc t_as_ntt[2U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[2U]; memcpy( 
@@ -5456,27 +5832,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t public_key_serialized[800U]; - serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____5[2U]; + uu____5[2U][2U]; + memcpy( + uu____5, A_transpose, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret0[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + memcpy( + ret, ret0, (size_t)2U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t secret_key_serialized[768U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[768U]; - memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____7[800U]; - memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); - return lit; } static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { 
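Review bot: `pk.A` is filled from `A_transpose` (the matrix sampled with the `true` transpose flag for key generation), but `encrypt_unpacked` in a later hunk feeds `public_key->A` straight into `compute_vector_u`, where the removed packed `encrypt` used a matrix sampled with `false`; as far as these hunks show, the two layers only agree because the ind_cca-level `generate_keypair_unpacked` transposes `ind_cpa_public_key.A` in place afterwards, while the packed `generate_keypair` wrapper (which serializes only `t_as_ntt`) skips that step. A reader of `IndCpaPublicKeyUnpacked` cannot tell from the type which orientation a given instance holds. I would either perform the transposition here so an ind_cpa-level pair is always in the orientation `encrypt_unpacked` expects, or, if the in-place transpose in the ind_cca layer is deliberate to save a copy, state the invariant on the field in the Rust source, e.g. `/// Filled with the key-generation (transposed) sampling of A; ind_cca::generate_keypair_unpacked flips it into the orientation encrypt_unpacked expects.` The enclosing `generate_keypair_unpacked__...2size_t_3size_t_192size_t` starts in an earlier hunk.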
@@ -5487,6 +5900,123 @@ static inline void H___2size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[2U][2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, 
(size_t)2U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_1632size_t_800size_t_768size_t_3size_t_192size_t( + A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1 = + clone__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____2[2U][2U]; + memcpy( + uu____2, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + uint8_t pk_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___2size_t(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair512 +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___2size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_3size_t_192size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + sk = uu____0.fst; + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_800size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
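Review bot: The new ind_cca `generate_keypair_unpacked` and the rewritten `generate_keypair` leave several by-value copies of the secret polynomials on the stack — `uu____0.fst`, `ind_cpa_private_key`, `uu____3`, `uu____5` and `lit.private_key` in the former, `uu____0.fst`/`sk` plus `secret_key_serialized`/`uu____1` in the latter — along with the 32-byte `implicit_rejection_value`/`uu____4`, and none of them is cleared before return. The previous `generate_keypair` also left `secret_as_ntt` and `secret_key_serialized` uncleared, so this is not a regression, but the unpacked path adds further copies of key material. Because this is Eurydice-extracted C, any fix (zeroize-on-drop for the unpacked key types, or a documented requirement that callers wipe the returned struct) belongs in the Rust source; I cannot tell from this file whether libcrux already handles that elsewhere.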
@@ -5588,52 +6118,6 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - deserialized_pk[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * - sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; 
@@ -5904,23 +6388,10 @@ compress_then_serialize_ring_element_v__libcrux_ml_kem_vector_portable_vector_ty } static void -encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[2U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - A_transpose[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
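Review bot: `encrypt_unpacked` uses `public_key->t_as_ntt` and `public_key->A` as stored, while the removed packed `encrypt` rebuilt both from bytes on each call — `t_as_ntt` through `deserialize_ring_elements_reduced` and `A` by re-expanding the seed with `sample_matrix_A`. The reduction and the seed-to-matrix binding therefore now rest on whoever populates `IndCpaPublicKeyUnpacked`; for a struct built from untrusted bytes, an unreduced `t_as_ntt` could violate the coefficient bounds the downstream arithmetic presumably assumes, and an `A` not derived from `seed_for_A` would no longer be bound to the public-key hash. I would state that precondition on the struct or on this function in the Rust source, e.g. `/// Precondition: t_as_ntt coefficients are reduced and A was expanded from seed_for_A; no validation is performed here.` The function body continues in the following hunks.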
@@ -5964,7 +6435,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[2U]; compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5973,7 +6444,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[2U]; 
@@ -5997,6 +6468,170 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____2 = &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext____768size_t uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___768size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + deserialized_pk[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = + 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[2U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_768size_t_2size_t( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[2U][2U]; + uint8_t 
ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1[2U][2U]; + memcpy( + uu____1, A, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [2U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____3 = &public_key_unpacked; + uint8_t 
uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + static inline void kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { 
@@ -6164,42 +6799,6 @@ deserialize_then_decompress_ring_element_v__libcrux_ml_kem_vector_portable_vecto return uu____0; } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[2U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6228,8 +6827,10 @@ compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size } static void -decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[2U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_10size_t( @@ -6239,14 +6840,10 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768si Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[2U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); 
@@ -6262,33 +6859,168 @@ static inline void PRF___2size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( - libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *key_pair, libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, uint8_t ret[32U]) { - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = - core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = - core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = - core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice ind_cpa_public_key_hash = 
uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( - ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___2size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array___800size_t( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + 
libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___2size_t_32size_t( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)768U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + 
secret_as_ntt[2U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[2U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t( + secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___libcrux_ml_kem_ind_cca_MlKem_2size_t_1632size_t_768size_t_800size_t_768size_t_768size_t_640size_t_128size_t_10size_t_4size_t_320size_t_3size_t_192size_t_2size_t_128size_t_800size_t( + libcrux_ml_kem_types_MlKemPrivateKey____1632size_t *private_key, + libcrux_ml_kem_types_MlKemCiphertext____768size_t *ciphertext, + uint8_t ret[32U]) { + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____0 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____2 = + core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + 
Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( + ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -6394,7 +7126,7 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_Po static inline void serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - key[3U], + *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for ( @@ -6432,7 +7164,7 @@ serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ static inline void serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[3U], + *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice( 
@@ -6440,16 +7172,9 @@ serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_ (CLITERAL(core_ops_range_Range__size_t){.start = (size_t)0U, .end = (size_t)1152U}), uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____1[3U]; - memcpy( - uu____1, t_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); uint8_t ret0[1152U]; serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( - uu____1, ret0); + t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -6471,12 +7196,7 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0[3U]; - memcpy( - uu____0, deserialized_pk, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( uu____0, 
@@ -6487,6 +7207,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key__libcrux_ml_kem_vector_portable_ (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +typedef struct + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + snd; +} __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__; + static inline void G___3size_t(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( 
@@ -6909,8 +7637,8 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3si libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static libcrux_ml_kem_utils_extraction_helper_Keypair768 -generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( +static __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ +generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G___3size_t(key_generation_seed, hashed); @@ -6919,12 +7647,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); - Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A0, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; 
@@ -6960,6 +7688,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc t_as_ntt[3U]; compute_As_plus_e__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____4[3U]; memcpy( 
@@ -6967,27 +7701,64 @@ generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libc (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t public_key_serialized[1184U]; - serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( - uu____4, seed_for_A, public_key_serialized); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____5[3U]; + uu____5[3U][3U]; + memcpy( + uu____5, A_transpose, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + pk; memcpy( - uu____5, secret_as_ntt, + pk.t_as_ntt, uu____4, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy( + pk.A, uu____5, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * + sizeof( + 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return (CLITERAL( + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__){ + .fst = sk, .snd = pk}); +} + +static void +closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret0[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + memcpy( + ret, ret0, (size_t)3U * sizeof( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( - uu____5, secret_key_serialized); - uint8_t uu____6[1152U]; - memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____7[1184U]; - memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); - return lit; } static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { 
@@ -6998,6 +7769,123 @@ static inline void H___3size_t(Eurydice_slice input, uint8_t ret[32U]) { memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t +libcrux_ml_kem_ind_cca_generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice( + (size_t)64U, randomness, + (CLITERAL(core_ops_range_Range__size_t){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + ind_cpa_keypair_randomness); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[3U][3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, 
(size_t)3U, (size_t)1U, + closure__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_2400size_t_1184size_t_1152size_t_2size_t_128size_t( + A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1 = + clone__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + &ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____2[3U][3U]; + memcpy( + uu____2, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + memcpy( + ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H___3size_t(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, implicit_rejection_value); + 
libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + uu____3 = ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + uu____6 = ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static libcrux_ml_kem_utils_extraction_helper_Keypair768 +generate_keypair__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( + Eurydice_slice key_generation_seed) { + __libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t___libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked_libcrux_ml_kem_vector_portable_vector_type_PortableVector___3size_t__ + uu____0 = + generate_keypair_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2size_t_128size_t( + key_generation_seed); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + sk = uu____0.fst; + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t_1184size_t( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1152size_t( + sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + static inline void serialize_kem_secret_key__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t( Eurydice_slice private_key, Eurydice_slice public_key, 
@@ -7099,55 +7987,9 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_vector_t uu____3)); } -static inline void -entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static inline void -deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - deserialized_pk[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice( - public_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * - sizeof( - 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - -static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t -sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( - uint8_t prf_input[33U], uint8_t domain_separator) { +static inline __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t__uint8_t +sample_ring_element_cbd__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_128size_t_2size_t( + uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector error_1[3U]; KRML_MAYBE_FOR3( 
@@ -7354,23 +8196,10 @@ compress_then_serialize_u__libcrux_ml_kem_vector_portable_vector_type_PortableVe } static void -encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( - Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - t_as_ntt[3U]; - deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - A_transpose[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); - sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( - ret0, false, A_transpose); +encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; 
@@ -7414,7 +8243,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u[3U]; compute_vector_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( - A_transpose, r_as_ntt, error_1, u); + public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7423,7 +8252,7 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector v = compute_ring_element_v__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____5[3U]; 
@@ -7447,6 +8276,170 @@ encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_ke memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ +libcrux_ml_kem_ind_cca_encapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1184size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *uu____2 = &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + 
encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( + uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + K___libcrux_ml_kem_types_MlKemCiphertext___1088size_t___uint8_t_32size_t_ lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +static inline void +entropy_preprocess__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + deserialized_pk[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = + 
ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice( + public_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_reduced_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +encrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[3U]; + deserialize_ring_elements_reduced__libcrux_ml_kem_vector_portable_vector_type_PortableVector_1152size_t_3size_t( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[3U][3U]; + uint8_t 
ret0[34U]; + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); + sample_matrix_A__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( + ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result__uint8_t_32size_t__core_array_TryFromSliceError dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result__core__result__Result_T__E___unwrap__uint8_t_32size_t__core_array_TryFromSliceError( + dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____1[3U][3U]; + memcpy( + uu____1, A, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy( + public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + [3U])); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *uu____3 = &public_key_unpacked; + uint8_t 
uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + static inline void kdf__libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t( Eurydice_slice shared_secret, uint8_t ret[32U]) { 
@@ -7569,42 +8562,6 @@ deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_Portab libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); } -static inline void -deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[3U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = - ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice( - secret_key, - (CLITERAL(core_ops_range_Range__size_t){ - .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), - uint8_t, core_ops_range_Range__size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - uu____0 = - deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * - sizeof( - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); -} - static inline libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( 
libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7633,8 +8590,10 @@ compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size } static void -decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( - Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { +decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector u_as_ntt[3U]; deserialize_then_decompress_u__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_10size_t( @@ -7644,14 +8603,10 @@ decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088s Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector - secret_as_ntt[3U]; - deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( - secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector message = compute_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( - &v, secret_as_ntt, u_as_ntt); + &v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; compress_then_serialize_message__libcrux_ml_kem_vector_portable_vector_type_PortableVector( message, ret0); 
@@ -7667,6 +8622,140 @@ static inline void PRF___3size_t_32size_t(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +void libcrux_ml_kem_ind_cca_decapsulate_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array___64size_t( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G___3size_t( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t uu____1 = + core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + K___Eurydice_slice_uint8_t_Eurydice_slice_uint8_t); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + 
libcrux_ml_kem_utils_into_padded_array___1120size_t( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext), + uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF___3size_t_32size_t( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + *uu____3 = &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t( + uu____3, uu____4, pseudorandomness, expected_ciphertext); + Eurydice_slice uu____5 = + libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( + ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + uu____5, Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, + uint8_t, Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, 
(size_t)32U * sizeof(uint8_t)); +} + +static inline void +deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[3U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = + ZERO__libcrux_ml_kem_vector_portable_vector_type_PortableVector();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice( + secret_key, + (CLITERAL(core_ops_range_Range__size_t){ + .start = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + .end = i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT}), + uint8_t, core_ops_range_Range__size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0 = + deserialize_to_uncompressed_ring_element__libcrux_ml_kem_vector_portable_vector_type_PortableVector( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); +} + +static void +decrypt__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[3U]; + deserialize_secret_key__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t( + secret_key, 
secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * + sizeof( + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + uint8_t ret0[32U]; + decrypt_unpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( + &secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_vector_type_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___libcrux_ml_kem_ind_cca_MlKem_3size_t_2400size_t_1152size_t_1184size_t_1088size_t_1152size_t_960size_t_128size_t_10size_t_4size_t_320size_t_2size_t_128size_t_2size_t_128size_t_1120size_t( libcrux_ml_kem_types_MlKemPrivateKey____2400size_t *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 413b7ea9a..f4d4c74af 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_mlkem_portable_H 
@@ -332,6 +332,117 @@ typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[4U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[4U][4U]; +} libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} 
libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__4size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[2U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[2U][2U]; +} 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__2size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + secret_as_ntt[3U]; +} libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + 
libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_vector_type_PortableVector + A[3U][3U]; +} libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_types_unpacked_IndCpaPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + +typedef struct + libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t_s { + libcrux_ml_kem_types_unpacked_MlKemPrivateKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + private_key; + libcrux_ml_kem_types_unpacked_MlKemPublicKeyUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t + public_key; +} libcrux_ml_kem_types_unpacked_MlKemKeyPairUnpacked__libcrux_ml_kem_vector_portable_vector_type_PortableVector__3size_t; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 8047153cc..1f241406b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2f1cb9fdc..a44befbd7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6f30340c2..c19821a52 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index f9bf125fd..f69985a2c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index fe476a7d9..72ccf5784 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 35ca941bd..0d02ebc7c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + KaRaMeL invocation: /home/karthik/eurydice/eurydice --config ../c.yaml -funroll-loops 16 ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* - version: KaRaMeL version: 28555249 + version: f09228ef KaRaMeL version: 42a43169 */ #ifndef __libcrux_sha3_neon_H From 54127e21ccda688abee20710d80c6da2e3353e33 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Wed, 10 Jul 2024 01:11:39 +0200 Subject: [PATCH 29/31] fixed tests --- libcrux-ml-kem/c/benches/mlkem768.cc | 12 ++++++------ libcrux-ml-kem/c/tests/mlkem768.cc | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) 
diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc b/libcrux-ml-kem/c/benches/mlkem768.cc index ed785ea23..6af1573f5 100644 --- a/libcrux-ml-kem/c/benches/mlkem768.cc +++ b/libcrux-ml-kem/c/benches/mlkem768.cc @@ -90,11 +90,11 @@ kyber768_encapsulation_unpacked(benchmark::State &state) auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, randomness); for (auto _ : state) { - ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, randomness); } } @@ -106,7 +106,7 @@ kyber768_decapsulation_unpacked(benchmark::State &state) auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, randomness); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; 
@@ -250,11 +250,11 @@ kyber768_encapsulation_avx2_unpacked(benchmark::State &state) auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, randomness); for (auto _ : state) { - ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, randomness); } } @@ -266,7 +266,7 @@ kyber768_decapsulation_avx2_unpacked(benchmark::State &state) auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, randomness); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc b/libcrux-ml-kem/c/tests/mlkem768.cc index f15b3e89d..0419c7a37 100644 --- a/libcrux-ml-kem/c/tests/mlkem768.cc +++ b/libcrux-ml-kem/c/tests/mlkem768.cc @@ -211,7 +211,7 @@ TEST(MlKem768TestPortableUnpacked, ConsistencyTest) uint8_t randomness2[32]; generate_random(randomness2, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), randomness2); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, randomness2); uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(&key_pair, &ctxt.fst, sharedSecret2); 
@@ -348,7 +348,7 @@ TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest) // We can't check the keys because we don't really have them. - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data()); + auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, kat.encapsulation_seed.data()); uint8_t ct_hash[32]; libcrux_sha3_sha256( @@ -516,7 +516,7 @@ TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest) // We can't check the keys because we don't really have them. - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data()); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, kat.encapsulation_seed.data()); uint8_t ct_hash[32]; libcrux_sha3_sha256( From 91da4f9d6e4cdbb55bee98550a854f8c9db48598 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 10 Jul 2024 07:40:23 -0400 Subject: [PATCH 30/31] remove accidentally checked in files --- libcrux-ml-kem/c/benches/mlkem768.cc~ | 350 --------------- libcrux-ml-kem/c/tests/mlkem768.cc~ | 606 -------------------------- 2 files changed, 956 deletions(-) delete mode 100644 libcrux-ml-kem/c/benches/mlkem768.cc~ delete mode 100644 libcrux-ml-kem/c/tests/mlkem768.cc~ diff --git a/libcrux-ml-kem/c/benches/mlkem768.cc~ b/libcrux-ml-kem/c/benches/mlkem768.cc~ deleted file mode 100644 index a49187c7d..000000000 --- a/libcrux-ml-kem/c/benches/mlkem768.cc~ +++ /dev/null 
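Review bot: The context comment `// We can't check the keys because we don't really have them.` is now only half true on the portable unpacked KAT path: the new `MlKemPublicKeyUnpacked` struct carries a `public_key_hash[32]` field that the unpacked key generator fills with H of the serialized public key, and H is SHA3-256 in ML-KEM, so it should equal `kat.sha3_256_hash_of_public_key` and the KAT can cover key generation here instead of only the ciphertext hash and shared secret. Assuming `key_pair` is produced from `kat.key_generation_seed` as in the packed KAT (the start of this TEST body is outside the hunk), add `EXPECT_EQ(memcmp(key_pair.public_key.public_key_hash, kat.sha3_256_hash_of_public_key.data(), 32), 0);` before the encapsulation call. The secret-key hash genuinely cannot be checked without a serialized secret key, so reword the comment to `// Only the public-key hash carried in the unpacked key can be checked here; the serialized keys are not available.` rather than dropping it.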
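Review bot: The AVX2 unpacked KAT still skips key verification entirely (`// We can't check the keys because we don't really have them.`), which leaves the AVX2 keygen path untested against the known-answer vectors even though the unpacked public key now exposes `public_key_hash`, computed as H of the serialized public key (SHA3-256 in ML-KEM) and therefore directly comparable to `kat.sha3_256_hash_of_public_key`. Provided `key_pair` above is generated from `kat.key_generation_seed` (that part of the TEST body lies outside the hunk), insert `EXPECT_EQ(memcmp(key_pair.public_key.public_key_hash, kat.sha3_256_hash_of_public_key.data(), 32), 0);` ahead of `libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(...)`. This is worth doing on the SIMD backend in particular, since a vectorised serialization bug would otherwise only surface as a mismatched shared secret rather than being pinned to key generation.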
@@ -1,350 +0,0 @@ -/* - * Copyright 2022 Cryspen Sarl - * - * Licensed under the Apache License, Version 2.0 or MIT. - * - http://www.apache.org/licenses/LICENSE-2.0 - * - http://opensource.org/licenses/MIT - */ - -#include - -#include "libcrux_mlkem768.h" -#include "libcrux_mlkem768_portable.h" -#include "internal/libcrux_core.h" - -void generate_random(uint8_t *output, uint32_t output_len) -{ - for (int i = 0; i < output_len; i++) - output[i] = 13; -} - -static void -kyber768_key_generation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - - for (auto _ : state) - { - key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - } -} - -static void -kyber768_encapsulation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - - for (auto _ : state) - { - ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - } -} - -static void -kyber768_decapsulation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - - for (auto _ : state) - { - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - } -} - -BENCHMARK(kyber768_key_generation); -BENCHMARK(kyber768_encapsulation); -BENCHMARK(kyber768_decapsulation); - -static void -kyber768_key_generation_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - 
generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); - - for (auto _ : state) - { - key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); - } -} - -static void -kyber768_encapsulation_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - - for (auto _ : state) - { - ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - } -} - -static void -kyber768_decapsulation_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - - for (auto _ : state) - { - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); - } -} - -BENCHMARK(kyber768_key_generation_unpacked); -BENCHMARK(kyber768_encapsulation_unpacked); -BENCHMARK(kyber768_decapsulation_unpacked); - -#ifdef LIBCRUX_AARCH64 -#include "libcrux_mlkem768_neon.h" - -static void -kyber768_key_generation_neon(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - - for (auto _ : state) - { - key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - } -} - 
-static void -kyber768_encapsulation_neon(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); - - for (auto _ : state) - { - ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); - } -} - -static void -kyber768_decapsulation_neon(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - - for (auto _ : state) - { - libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - } -} - -BENCHMARK(kyber768_key_generation_neon); -BENCHMARK(kyber768_encapsulation_neon); -BENCHMARK(kyber768_decapsulation_neon); -#endif - -#ifdef LIBCRUX_X64 -#include "libcrux_mlkem768_avx2.h" - -static void -kyber768_key_generation_avx2(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - - for (auto _ : state) - { - key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - } -} - -static void -kyber768_encapsulation_avx2(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - for (auto _ : state) - { - ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - } -} - -static void -kyber768_decapsulation_avx2(benchmark::State &state) -{ - 
uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - - for (auto _ : state) - { - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - } -} - -BENCHMARK(kyber768_key_generation_avx2); -BENCHMARK(kyber768_encapsulation_avx2); -BENCHMARK(kyber768_decapsulation_avx2); - -static void -kyber768_key_generation_avx2_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); - - for (auto _ : state) - { - key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); - } -} - -static void -kyber768_encapsulation_avx2_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - - for (auto _ : state) - { - ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - } -} - -static void -kyber768_decapsulation_avx2_unpacked(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(randomness); - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, EURYDICE_SLICE(key_pair.public_key_hash, 0, 32), randomness); - - uint8_t 
sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - - for (auto _ : state) - { - libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); - } -} - -BENCHMARK(kyber768_key_generation_avx2_unpacked); -BENCHMARK(kyber768_encapsulation_avx2_unpacked); -BENCHMARK(kyber768_decapsulation_avx2_unpacked); - -#endif - -#ifdef LIBCRUX_SYMCRYPT -#include "inc/symcrypt.h" - -static void -symcrypt_kyber768_key_generation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto pKey = SymCryptMlKemkeyAllocate(SymCryptMlKemParamsDraft203MlKem768); - SymCryptMlKemkeyGenerate(pKey, 0); - - for (auto _ : state) - { - pKey = SymCryptMlKemkeyAllocate(SymCryptMlKemParamsDraft203MlKem768); - SymCryptMlKemkeyGenerate(pKey, 0); - } -} - -static void -symcrypt_kyber768_encapsulation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto pKey = SymCryptMlKemkeyAllocate(SymCryptMlKemParamsDraft203MlKem768); - SymCryptMlKemkeyGenerate(pKey, 0); - generate_random(randomness, 32); - - BYTE secret[32]; - BYTE cipher[1088]; - SymCryptMlKemEncapsulate(pKey, secret, 32, cipher, 1088); - - for (auto _ : state) - { - SymCryptMlKemEncapsulate(pKey, secret, 32, cipher, 1088); - } -} - -static void -symcrypt_kyber768_decapsulation(benchmark::State &state) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - - auto pKey = SymCryptMlKemkeyAllocate(SymCryptMlKemParamsDraft203MlKem768); - SymCryptMlKemkeyGenerate(pKey, 0); - - generate_random(randomness, 32); - BYTE secret[32]; - BYTE cipher[1088]; - SymCryptMlKemEncapsulate(pKey, secret, 32, cipher, 1088); - - BYTE sharedSecret2[32]; - - for (auto _ : state) - { - SymCryptMlKemDecapsulate(pKey, cipher, 1088, sharedSecret2, 32); - } -} - -BENCHMARK(symcrypt_kyber768_key_generation); -BENCHMARK(symcrypt_kyber768_encapsulation); -BENCHMARK(symcrypt_kyber768_decapsulation); -#endif - -BENCHMARK_MAIN(); 
diff --git a/libcrux-ml-kem/c/tests/mlkem768.cc~ b/libcrux-ml-kem/c/tests/mlkem768.cc~ deleted file mode 100644 index c44f3f8bc..000000000 --- a/libcrux-ml-kem/c/tests/mlkem768.cc~ +++ /dev/null 
@@ -1,606 +0,0 @@ -/* - * Copyright 2023 Cryspen Sarl - * - * Licensed under the Apache License, Version 2.0 or MIT. - * - http://www.apache.org/licenses/LICENSE-2.0 - * - http://opensource.org/licenses/MIT - */ - -#include -#include -#include - -#include "libcrux_sha3.h" -#include "libcrux_mlkem768.h" -#include "libcrux_mlkem768_portable.h" -#include "internal/libcrux_core.h" - -using namespace std; - -typedef vector bytes; - -template -Eurydice_slice mk_slice(T *x, size_t len) -{ - Eurydice_slice s; - s.ptr = (void *)x; - s.len = len; - return s; -} - -// Not really random -void generate_random(uint8_t *output, uint32_t output_len) -{ - for (size_t i = 0; i < output_len; i++) - { - output[i] = 13; - } -} - -vector -from_hex(const string &hex) -{ - if (hex.length() % 2 == 1) - { - throw invalid_argument("Odd-length hex string"); - } - - int len = static_cast(hex.length()) / 2; - vector out(len); - for (int i = 0; i < len; i += 1) - { - string byte = hex.substr(2 * i, 2); - out[i] = static_cast(strtol(byte.c_str(), nullptr, 16)); - } - - return out; -} - -string -bytes_to_hex(const vector &data) -{ - stringstream hex(ios_base::out); - hex.flags(ios::hex); - for (const auto &byte : data) - { - hex << setw(2) << setfill('0') << int(byte); - } - return hex.str(); -} - -class KAT -{ -public: - bytes key_generation_seed; - bytes sha3_256_hash_of_public_key; - bytes sha3_256_hash_of_secret_key; - bytes encapsulation_seed; - bytes sha3_256_hash_of_ciphertext; - bytes shared_secret; -}; - -vector -read_kats(string path) -{ - ifstream kat_file(path); - nlohmann::json kats_raw; - kat_file >> kats_raw; - - vector kats; - - // Read test group - for (auto &kat_raw : kats_raw.items()) - { - auto kat_raw_value = kat_raw.value(); - - kats.push_back(KAT{ - .key_generation_seed = from_hex(kat_raw_value["key_generation_seed"]), - .sha3_256_hash_of_public_key = - from_hex(kat_raw_value["sha3_256_hash_of_public_key"]), - .sha3_256_hash_of_secret_key = - 
from_hex(kat_raw_value["sha3_256_hash_of_secret_key"]), - .encapsulation_seed = from_hex(kat_raw_value["encapsulation_seed"]), - .sha3_256_hash_of_ciphertext = - from_hex(kat_raw_value["sha3_256_hash_of_ciphertext"]), - .shared_secret = from_hex(kat_raw_value["shared_secret"]), - }); - } - - return kats; -} - -void modify_ciphertext(uint8_t *ciphertext, size_t ciphertext_size) -{ - uint8_t randomness[3]; - generate_random(randomness, 3); - - uint8_t random_byte = randomness[0]; - if (random_byte == 0) - { - random_byte += 1; - } - - uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; - - uint16_t random_position = random_u16 % ciphertext_size; - - ciphertext[random_position] ^= random_byte; -} - -void modify_secret_key(uint8_t *secret_key, - size_t secret_key_size, - bool modify_implicit_rejection_value) -{ - uint8_t randomness[3]; - generate_random(randomness, 3); - - uint8_t random_byte = randomness[0]; - if (random_byte == 0) - { - random_byte += 1; - } - - uint16_t random_u16 = (randomness[2] << 8) | randomness[1]; - - uint16_t random_position = 0; - - if (modify_implicit_rejection_value == true) - { - random_position = (secret_key_size - 32) + (random_u16 % 32); - } - else - { - random_position = random_u16 % (secret_key_size - 32); - } - - secret_key[random_position] ^= random_byte; -} - -uint8_t * -compute_implicit_rejection_shared_secret(uint8_t *ciphertext, - size_t ciphertext_size, - uint8_t *secret_key, - size_t secret_key_size) -{ - uint8_t *hashInput = new uint8_t[32 + ciphertext_size]; - uint8_t *sharedSecret = new uint8_t[32]; - Eurydice_slice ss; - ss.ptr = (void *)sharedSecret; - ss.len = 32; - - std::copy(secret_key + (secret_key_size - 32), - secret_key + secret_key_size, - hashInput); - std::copy(ciphertext, ciphertext + ciphertext_size, hashInput + 32); - - libcrux_sha3_portable_shake256(ss, mk_slice(hashInput, 32 + ciphertext_size)); - - delete[] hashInput; - return sharedSecret; -} - -TEST(MlKem768TestPortable, ConsistencyTest) -{ - 
uint8_t randomness[64]; - for (int i = 0; i < 64; i++) - { - randomness[i] = 13; - } - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - // cout << "key pair.pk: " << bytes_to_hex(bytes(key_pair.pk.value, key_pair.pk.value + 16U)) << endl; - // cout << "key pair.sk: " << bytes_to_hex(bytes(key_pair.sk.value, key_pair.sk.value + 16U)) << endl; - - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - - // cout << "ctxt: " << bytes_to_hex(bytes(ctxt.fst.value, ctxt.fst.value + 16U)) << endl; - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} - -TEST(MlKem768TestPortableUnpacked, ConsistencyTest) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(randomness); - - uint8_t randomness2[32]; - generate_random(randomness2, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), randomness2); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} - -TEST(Kyber768TestPortable, ModifiedCiphertextTest) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - modify_ciphertext(ctxt.fst.value, - 
LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_NE(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t *implicitRejectionSharedSecret = - compute_implicit_rejection_shared_secret( - ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, - key_pair.sk.value, - LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - - EXPECT_EQ(0, - memcmp(implicitRejectionSharedSecret, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - delete[] implicitRejectionSharedSecret; -} - -TEST(Kyber768TestPortable, ModifiedSecretKeyTest) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_portable_generate_key_pair(randomness); - - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - modify_secret_key( - key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_NE(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - modify_secret_key( - ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - uint8_t *implicitRejectionSharedSecret = - compute_implicit_rejection_shared_secret( - ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, - key_pair.sk.value, - LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - EXPECT_EQ(0, - memcmp(implicitRejectionSharedSecret, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - delete[] implicitRejectionSharedSecret; -} - -TEST(MlKem768TestPortable, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. 
- auto kats = read_kats("tests/mlkem768_nistkats.json"); - - for (auto kat : kats) - { - auto key_pair = - libcrux_ml_kem_mlkem768_portable_generate_key_pair(kat.key_generation_seed.data()); - - uint8_t pk_hash[32]; - libcrux_sha3_sha256( - mk_slice(key_pair.pk.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), - pk_hash); - EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); - - uint8_t sk_hash[32]; - libcrux_sha3_sha256( - mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); - EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate( - &key_pair.pk, kat.encapsulation_seed.data()); - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - mk_slice(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - } -} - -TEST(MlKem768TestPortableUnpacked, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. - auto kats = read_kats("tests/mlkem768_nistkats.json"); - - for (auto kat : kats) - { - auto key_pair = - libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(kat.key_generation_seed.data()); - - // We can't check the keys because we don't really have them. 
- - auto ctxt = libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data()); - - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - mk_slice(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - } -} - -#ifdef LIBCRUX_X64 -#include "libcrux_mlkem768_avx2.h" - -TEST(MlKem768TestAvx2, ConsistencyTest) -{ - uint8_t randomness[64]; - for (int i = 0; i < 64; i++) - randomness[i] = 13; - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} - -TEST(Kyber768TestAvx2, ModifiedCiphertextTest) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - modify_ciphertext(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768); - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_NE(0, - memcmp(ctxt.snd, - sharedSecret2, - 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t *implicitRejectionSharedSecret = - compute_implicit_rejection_shared_secret( - ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, - key_pair.sk.value, - LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - - EXPECT_EQ(0, - memcmp(implicitRejectionSharedSecret, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - delete[] implicitRejectionSharedSecret; -} - -TEST(Kyber768TestAvx2, ModifiedSecretKeyTest) -{ - uint8_t randomness[64]; - generate_random(randomness, 64); - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(randomness); - - generate_random(randomness, 32); - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - modify_secret_key( - key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, false); - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_NE(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - modify_secret_key( - ctxt.snd, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768, true); - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - uint8_t *implicitRejectionSharedSecret = - compute_implicit_rejection_shared_secret( - ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768, - key_pair.sk.value, - LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768); - EXPECT_EQ(0, - memcmp(implicitRejectionSharedSecret, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - delete[] implicitRejectionSharedSecret; -} - -TEST(MlKem768TestAvx2, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. 
- auto kats = read_kats("tests/mlkem768_nistkats.json"); - - for (auto kat : kats) - { - auto key_pair = libcrux_ml_kem_mlkem768_avx2_generate_key_pair(kat.key_generation_seed.data()); - - uint8_t pk_hash[32]; - libcrux_sha3_sha256( - mk_slice(key_pair.pk.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768), - pk_hash); - EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32)); - - uint8_t sk_hash[32]; - libcrux_sha3_sha256( - mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash); - EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32)); - - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate( - &key_pair.pk, kat.encapsulation_seed.data()); - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - mk_slice(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - } -} - -TEST(MlKem768TestAvx2Unpacked, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. - auto kats = read_kats("tests/mlkem768_nistkats.json"); - - for (auto kat : kats) - { - auto key_pair = - libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked(kat.key_generation_seed.data()); - - // We can't check the keys because we don't really have them. 
- - auto ctxt = libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked(&key_pair.public_key, mk_slice(key_pair.public_key_hash, 32), kat.encapsulation_seed.data()); - - uint8_t ct_hash[32]; - libcrux_sha3_sha256( - mk_slice(ctxt.fst.value, - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768), - ct_hash); - EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32)); - EXPECT_EQ(0, - memcmp(ctxt.snd, - kat.shared_secret.data(), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked_portable(&key_pair, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); - } -} -#endif // LIBCRUX_X64 - -#ifdef LIBCRUX_AARCH64 -#include "libcrux_mlkem768_neon.h" - -TEST(MlKem768TestNeon, ConsistencyTest) -{ - uint8_t randomness[64]; - for (int i = 0; i < 64; i++) - randomness[i] = 13; - auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(randomness); - auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(&key_pair.pk, randomness); - - uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; - libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2); - - EXPECT_EQ(0, - memcmp(ctxt.snd, - sharedSecret2, - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); -} - -TEST(MlKem768TestNeon, NISTKnownAnswerTest) -{ - // XXX: This should be done in a portable way. 
- auto kats = read_kats("tests/mlkem768_nistkats.json");
-
- for (auto kat : kats)
- {
- auto key_pair = libcrux_ml_kem_mlkem768_neon_generate_key_pair(kat.key_generation_seed.data());
-
- uint8_t pk_hash[32];
- libcrux_sha3_sha256(
- mk_slice(key_pair.pk.value,
- LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768),
- pk_hash);
- EXPECT_EQ(0, memcmp(pk_hash, kat.sha3_256_hash_of_public_key.data(), 32));
-
- uint8_t sk_hash[32];
- libcrux_sha3_sha256(
- mk_slice(key_pair.sk.value, LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768), sk_hash);
- EXPECT_EQ(0, memcmp(sk_hash, kat.sha3_256_hash_of_secret_key.data(), 32));
-
- auto ctxt = libcrux_ml_kem_mlkem768_neon_encapsulate(
- &key_pair.pk, kat.encapsulation_seed.data());
- uint8_t ct_hash[32];
- libcrux_sha3_sha256(
- mk_slice(ctxt.fst.value,
- LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768),
- ct_hash);
- EXPECT_EQ(0, memcmp(ct_hash, kat.sha3_256_hash_of_ciphertext.data(), 32));
- EXPECT_EQ(0,
- memcmp(ctxt.snd,
- kat.shared_secret.data(),
- LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
-
- uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE];
- libcrux_ml_kem_mlkem768_neon_decapsulate(&key_pair.sk, &ctxt.fst, sharedSecret2);
-
- EXPECT_EQ(0,
- memcmp(ctxt.snd,
- sharedSecret2,
- LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE));
- }
-}
-#endif // LIBCRUX_AARCH64
From 86a5cbad1447205c992a3014cb663ecf1e4d0e8f Mon Sep 17 00:00:00 2001
From: Karthikeyan Bhargavan
Date: Wed, 10 Jul 2024 07:44:52 -0400
Subject: [PATCH 31/31] fixed nits
---
 libcrux-ml-kem/src/ind_cca.rs | 1 +
 libcrux-ml-kem/src/mlkem1024.rs | 1 -
 libcrux-ml-kem/src/mlkem512.rs | 1 -
 libcrux-ml-kem/src/mlkem768.rs | 1 -
 libcrux-ml-kem/src/types.rs | 4 ++--
 5 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs
index 218676b1d..6874559c7 100644
--- a/libcrux-ml-kem/src/ind_cca.rs
+++ b/libcrux-ml-kem/src/ind_cca.rs
@@ -279,6 +279,7 @@ pub(crate) fn generate_keypair_unpacked<
 // core::array::from_fn(|j| A_transpose[j][i])
 // });
 
+ #[allow(non_snake_case)]
 let mut A = core::array::from_fn(|_i| {
 core::array::from_fn(|_j| PolynomialRingElement::::ZERO())
 });
diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs
index d50e0abaf..f8b605f35 100644
--- a/libcrux-ml-kem/src/mlkem1024.rs
+++ b/libcrux-ml-kem/src/mlkem1024.rs
@@ -61,7 +61,6 @@ pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked {
- /// Provides $modp implementations of ML-KEM 1024
 #[doc = $doc]
 pub mod $modp {
 use super::*;
diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs
index a0ac56ca7..561bc68bb 100644
--- a/libcrux-ml-kem/src/mlkem512.rs
+++ b/libcrux-ml-kem/src/mlkem512.rs
@@ -58,7 +58,6 @@ pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked {
- /// Provides $modp implementations of ML-KEM 512
 #[doc = $doc]
 pub mod $modp {
 use super::*;
diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs
index fb2a84425..0799112ff 100644
--- a/libcrux-ml-kem/src/mlkem768.rs
+++ b/libcrux-ml-kem/src/mlkem768.rs
@@ -61,7 +61,6 @@ pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked {
- /// Provides $modp implementations of ML-KEM 768
 #[doc = $doc]
 pub mod $modp {
 use super::*;
diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs
index 91c137fce..a10e04d87 100644
--- a/libcrux-ml-kem/src/types.rs
+++ b/libcrux-ml-kem/src/types.rs
@@ -196,7 +196,7 @@ pub mod unpacked {
 use crate::{polynomial::PolynomialRingElement, vector::traits::Operations};
 
 /// An unpacked ML-KEM IND-CPA Private Key
- pub struct IndCpaPrivateKeyUnpacked {
+ pub(crate) struct IndCpaPrivateKeyUnpacked {
 pub(crate) secret_as_ntt: [PolynomialRingElement; K],
 }
 
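Review bot: The commented-out `// core::array::from_fn(|j| A_transpose[j][i])` / `// });` kept as context directly above the new `#[allow(non_snake_case)]` is dead code and should be deleted rather than carried next to the live `let mut A = core::array::from_fn(...)`; version control already preserves the old construction. If the upper-case `A` is kept deliberately to mirror the matrix notation of the ML-KEM specification, a one-line comment above the attribute saying so, `// Upper-case `A` follows the matrix name used in the ML-KEM spec.`, tells the next reader why the lint is silenced here instead of renaming. The body of generate_keypair_unpacked starts and ends outside this hunk.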
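Review bot: Narrowing `IndCpaPrivateKeyUnpacked` to `pub(crate)` here (and `IndCpaPublicKeyUnpacked` in the next hunk) inside `pub mod unpacked` is a good default for keeping the NTT-domain secret `secret_as_ntt` out of the crate's public surface, but it only holds together if no `pub` item still names these types: the `MlKemKeyPairUnpacked { private_key, public_key, .. }` built in the first patch of this series would need those fields to be `pub(crate)` as well, or rustc rejects a private type in a public interface. That declaration is outside this hunk, so treat this as something to confirm rather than a defect. A short module-level comment stating the intent would help, e.g. `//! The IND-CPA components are crate-private; callers hold them only through the unpacked key-pair wrappers.`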
@@ -207,7 +207,7 @@ pub mod unpacked {
 }
 
 /// An unpacked ML-KEM IND-CPA Private Key
- pub struct IndCpaPublicKeyUnpacked {
+ pub(crate) struct IndCpaPublicKeyUnpacked {
 pub(crate) t_as_ntt: [PolynomialRingElement; K],
 pub(crate) seed_for_A: [u8; 32],
 pub(crate) A: [[PolynomialRingElement; K]; K],
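Review bot: The doc comment left as context above the new `pub(crate) struct IndCpaPublicKeyUnpacked` still reads `/// An unpacked ML-KEM IND-CPA Private Key`, a copy of the private-key struct's comment from the previous hunk; it should read `/// An unpacked ML-KEM IND-CPA Public Key`. The commit already touches the line beneath it, so fixing the mislabel here is cheap and stops rustdoc presenting the public-key type as a private key. The fields would also benefit from a one-line comment each: `seed_for_A` is what `serialize_public_key` emits alongside `t_as_ntt` in the packed public-key encoding (visible in the first patch of the series), and `A` appears to be the matrix expanded from that seed and cached so later operations can skip the expansion — the latter is inferred from the names and should be confirmed before it is written down.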