diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 142ece36a..f3d30a47e 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -112,6 +112,7 @@ echo " */" >> header.txt echo "Running eurydice ..." echo $EURYDICE_HOME/eurydice --config ../$config -funroll-loops $unrolling \ --header header.txt \ + --debug hashes \ ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc $EURYDICE_HOME/eurydice --config ../$config -funroll-loops $unrolling \ --header header.txt \ diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index d4398bbc2..0c8e91701 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -32,7 +32,7 @@ files: - [libcrux_sha3, neon, "*"] - [libcrux_sha3, simd, arm64, "*"] monomorphizations_exact: - - [libcrux_sha3, generic_keccak, "KeccakState_fc"] + - [libcrux_sha3, generic_keccak, "KeccakState_fc"] # FIXME grep for "old hash: fc" in hash_map on neon machine include_in_h: - '"intrinsics/libcrux_intrinsics_arm64.h"' @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_7f ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] + - [libcrux_sha3, generic_keccak, absorb_final_fb ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_97 ] api: - [libcrux_sha3, avx2, "*"] private: @@ -59,7 +59,7 @@ files: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - - [libcrux_sha3, generic_keccak, KeccakState_29] + - [libcrux_sha3, generic_keccak, KeccakState_55] include_in_h: - '"intrinsics/libcrux_intrinsics_avx2.h"' diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index a2bfadfce..b599e5a12 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc 
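Review bot: The `--debug hashes` flag is added only to the `echo` that prints the command, not to the `$EURYDICE_HOME/eurydice` invocation that follows it, so the printed command no longer matches what actually runs unless the real call was changed outside this hunk (the invocation's argument list continues past the hunk end). If the flag is meant to run, add the same continuation line `    --debug hashes \` after the second `--header header.txt \`; if it is only meant to be shown, drop it from the echo so the log stays truthful. Because this is a debug option committed into the code-generation script, a one-line comment above the call saying why it is on would help the next person who regenerates the C code; judging from the FIXME added in c.yaml it seems to be used to recover the renamed monomorphization suffixes, but that should be confirmed before the comment is written.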
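Review bot: The neon `monomorphizations_exact` entry keeps `KeccakState_fc` while every other hash suffix in this file changes with the toolchain bump, and the added FIXME records that it was not checked on an arm64 machine; if the suffix did change, an exact-match entry that matches nothing presumably fails silently until someone builds the neon target. Consider making the gap explicit rather than leaving it in a trailing comment, e.g. `# FIXME: hash unverified after toolchain update; regenerate on a neon host (look for "old hash: fc" in the eurydice hash_map output) and update before release`, and tracking it so it is not lost. The absorb_final/squeeze_first_three_blocks and avx2 KeccakState renames in the other two hunks of this file look consistent with the generated headers further down in the diff.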
@@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; auto st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); + libcrux_sha3_generic_keccak_absorb_final_fb(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(&st, out); for (auto _ : state) { auto st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); + libcrux_sha3_generic_keccak_absorb_final_fb(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 1941d5aa3..45f22410e 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 +Charon: 1bd0af95285033fec42133810440d56977c17ade +Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 +Karamel: 8c3612018c25889288da6857771be3ad03b75bcd +F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 +Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index d63ff8521..baafb7885 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( +libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( uint8_t value[1568U]); /** @@ -85,9 +85,9 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_94( + libcrux_ml_kem_types_MlKemPrivateKey_83 sk, + libcrux_ml_kem_types_MlKemPublicKey_64 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -98,7 +98,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( +libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_88_39( uint8_t value[3168U]); /** 
@@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( +libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( uint8_t value[1184U]); /** @@ -126,9 +126,9 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_74( + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk, + libcrux_ml_kem_types_MlKemPublicKey_30 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -139,7 +139,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( +libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_88_28( uint8_t value[2400U]); /** @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( +libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( uint8_t value[800U]); /** @@ -167,9 +167,9 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_17_fa( + libcrux_ml_kem_types_MlKemPrivateKey_fa sk, + libcrux_ml_kem_types_MlKemPublicKey_52 pk); /** This function found in impl {(core::convert::From<@Array> for 
@@ -180,7 +180,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( +libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_88_2a( uint8_t value[1632U]); /** @@ -194,8 +194,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_ba_d0( + libcrux_ml_kem_types_MlKemPublicKey_30 *self); /** This function found in impl {(core::convert::From<@Array> for @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_80( uint8_t value[1088U]); /** @@ -218,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -229,8 +229,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_15(Eurydice_slice slice, + uint8_t ret[1120U]); /** A reference to the raw byte slice. @@ -243,8 +243,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_ba_4d( + libcrux_ml_kem_types_MlKemPublicKey_52 *self); /** This function found in impl {(core::convert::From<@Array> for 
@@ -255,7 +255,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_fc_d0( uint8_t value[768U]); /** @@ -267,8 +267,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_d0( + libcrux_ml_kem_types_MlKemCiphertext_1a *self); /** Pad the `slice` with `0`s at the end. @@ -278,8 +278,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_4d(Eurydice_slice slice, + uint8_t ret[800U]); /** A reference to the raw byte slice. @@ -292,21 +292,21 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_ba_af( + libcrux_ml_kem_types_MlKemPublicKey_64 *self); /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_00_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_fb_s { + core_result_Result_a9_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_00; +} core_result_Result_fb; /** This function found in impl {core::result::Result[TraitClause@0, 
@@ -317,7 +317,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_b3(core_result_Result_fb self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -327,8 +327,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, - uint8_t ret[34U]); +void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice, + uint8_t ret[34U]); /** This function found in impl {(core::convert::From<@Array> for @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_fc_af( uint8_t value[1568U]); /** @@ -350,8 +350,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[33U]); +void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice, + uint8_t ret[33U]); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -362,8 +362,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( - libcrux_ml_kem_types_MlKemCiphertext_1f *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_af( + libcrux_ml_kem_types_MlKemCiphertext_64 *self); /** Pad the `slice` with `0`s at the end. 
@@ -373,8 +373,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_7f(Eurydice_slice slice, + uint8_t ret[1600U]); /** Pad the `slice` with `0`s at the end. @@ -384,7 +384,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_24(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -392,13 +392,13 @@ A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_6f_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_b2_s { + core_result_Result_a9_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_6f; +} core_result_Result_b2; /** This function found in impl {core::result::Result[TraitClause@0, @@ -409,20 +409,20 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_70(core_result_Result_b2 self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result with types uint8_t[20size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_7a_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_e1_s { + core_result_Result_a9_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_7a; +} core_result_Result_e1; /** This function found in impl {core::result::Result[TraitClause@0, 
@@ -433,20 +433,20 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_20(core_result_Result_e1 self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_cd_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_9d_s { + core_result_Result_a9_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_cd; +} core_result_Result_9d; /** This function found in impl {core::result::Result[TraitClause@0, @@ -457,20 +457,20 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_ce(core_result_Result_9d self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_c0_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_0a_s { + core_result_Result_a9_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_c0; +} core_result_Result_0a; /** This function found in impl {core::result::Result[TraitClause@0, @@ -481,7 +481,7 @@ A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_00(core_result_Result_0a self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 76a437be1..d576dc20c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -29,9 +29,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f6_s { __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f6; /** Validate an ML-KEM public key. @@ -48,7 +48,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key); /** Validate an ML-KEM private key. 
@@ -65,8 +65,8 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +bool libcrux_ml_kem_ind_cca_validate_private_key_12( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); /** @@ -91,7 +91,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d61(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -112,8 +112,8 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]); /** @@ -138,8 +138,8 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_971( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_a11( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** @@ -157,7 +157,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key); /** Validate an ML-KEM private key. 
@@ -174,9 +174,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); +bool libcrux_ml_kem_ind_cca_validate_private_key_b9( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext); /** Packed API @@ -200,7 +200,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -221,8 +221,8 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]); /** @@ -247,9 +247,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_970( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_decapsulate_a10( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -266,7 +266,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key); /** Validate an ML-KEM private key. 
@@ -283,9 +283,9 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); +bool libcrux_ml_kem_ind_cca_validate_private_key_ad( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext); /** Packed API @@ -308,7 +308,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_ind_cca_generate_keypair_d6( uint8_t randomness[64U]); /** @@ -330,8 +330,8 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]); /** @@ -356,9 +356,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_97( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_decapsulate_a1( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index dddacb13a..55428061a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -34,9 +34,9 @@ A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1d_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1d; /** Validate an ML-KEM public key. @@ -53,7 +53,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -70,9 +70,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); +bool libcrux_ml_kem_ind_cca_validate_private_key_b5( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext); /** Packed API 
@@ -96,7 +96,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f81(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -117,8 +117,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]); /** @@ -143,9 +143,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a1( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_decapsulate_621( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -162,7 +162,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -179,9 +179,9 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); +bool libcrux_ml_kem_ind_cca_validate_private_key_fb( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext); /** Packed API 
@@ -204,8 +204,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]); +libcrux_ml_kem_types_MlKemKeyPair_3e +libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -226,8 +226,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]); /** @@ -252,9 +252,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +void libcrux_ml_kem_ind_cca_decapsulate_620( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -271,7 +271,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -288,8 +288,8 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +bool libcrux_ml_kem_ind_cca_validate_private_key_37( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); /** 
@@ -314,7 +314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -335,8 +335,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]); /** @@ -361,8 +361,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_62( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a816870cb..9709aac0d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -31,10 +31,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -void libcrux_sha3_generic_keccak_absorb_final_7f( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); +void libcrux_sha3_generic_keccak_absorb_final_fb( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]); -typedef libcrux_sha3_generic_keccak_KeccakState_29 +typedef libcrux_sha3_generic_keccak_KeccakState_55 libcrux_sha3_avx2_x4_incremental_KeccakState; /** @@ -44,8 +44,8 @@ with const generics - N= 4 - RATE= 168 */ -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2728474cc..cb7d7dfb3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __internal_libcrux_sha3_internal_H @@ -21,15 +21,15 @@ extern "C" { #include "../libcrux_sha3_internal.h" #include "eurydice_glue.h" -typedef libcrux_sha3_generic_keccak_KeccakState_48 +typedef libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_KeccakState; /** Create a new SHAKE-128 state object. */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_89_04(); } /** @@ -37,9 +37,9 @@ libcrux_sha3_portable_incremental_shake128_init(void) { */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_40(s, buf); + libcrux_sha3_generic_keccak_absorb_final_9e(s, buf); } /** 
@@ -47,9 +47,9 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, buf); } /** @@ -60,23 +60,23 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2); } /** 
@@ -84,9 +84,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_c6(s, buf); } #define libcrux_sha3_Sha224 0 
@@ -149,37 +149,37 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_c6(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o4); + 
libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(s, o4); } /** @@ -187,9 +187,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_c6(s, buf); } /** @@ -197,17 +197,17 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_400(s, buf); + libcrux_sha3_generic_keccak_absorb_final_9e0(s, buf); } /** Create a new SHAKE-256 state object. */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_89_04(); } /** @@ -215,9 +215,9 @@ libcrux_sha3_portable_incremental_shake256_init(void) { */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_c60(s, buf); } /** 
@@ -225,9 +225,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( */ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c60(s, buf); } /** @@ -237,14 +237,14 @@ with const generics - $1size_t - $136size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { - libcrux_sha3_generic_keccak_KeccakState_48 inner; +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_e2_s { + libcrux_sha3_generic_keccak_KeccakState_17 inner; uint8_t buf[1U][136U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState_4f; +} libcrux_sha3_generic_keccak_KeccakXofState_e2; -typedef libcrux_sha3_generic_keccak_KeccakXofState_4f +typedef libcrux_sha3_generic_keccak_KeccakXofState_e2 libcrux_sha3_portable_incremental_Shake256Absorb; /** @@ -267,14 +267,19 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c6( + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if (self->buf_len + input_len >= (size_t)136U) { - consumed = (size_t)136U - self->buf_len; + if ( + /* There's something buffered internally to consume. */ self->buf_len + + input_len >= + (size_t)136U) { + consumed = (size_t)136U - /* We have enough data when combining the + internal buffer and the input. */ + self->buf_len; { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( 
@@ -301,15 +306,15 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c6( + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_c6(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -325,8 +330,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_35(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_5b(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -342,8 +347,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_portable_keccak_load_block_5a_35(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_5b(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } return remainder; } 
@@ -371,16 +376,18 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c6( + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); - if (input_remainder_len > (size_t)0U) { + libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs); + if ( + /* ... buffer the rest if there's not enough input (left). */ + input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; @@ -406,12 +413,12 @@ This function found in impl libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline void libcrux_sha3_portable_incremental_absorb_7d( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_c6(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState_4f +typedef libcrux_sha3_generic_keccak_KeccakXofState_e2 libcrux_sha3_portable_incremental_Shake256Squeeze; /** 
@@ -432,15 +439,15 @@ with const generics - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e( + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_e2 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_c6(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -471,8 +478,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } /** 
@@ -483,11 +490,11 @@ This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +static inline libcrux_sha3_generic_keccak_KeccakXofState_e2 libcrux_sha3_portable_incremental_absorb_final_7d( - libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { + libcrux_sha3_generic_keccak_KeccakXofState_e2 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_9e(&self, buf); return self; } @@ -505,7 +512,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_c6( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -659,12 +666,12 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { - libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); +static inline libcrux_sha3_generic_keccak_KeccakXofState_e2 +libcrux_sha3_generic_keccak_new_8b_c6(void) { + libcrux_sha3_generic_keccak_KeccakXofState_e2 lit; + lit.inner = libcrux_sha3_generic_keccak_new_89_04(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_c6(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; 
@@ -679,9 +686,9 @@ This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +static inline libcrux_sha3_generic_keccak_KeccakXofState_e2 libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_8b_c6(); } /** @@ -691,14 +698,14 @@ with const generics - $1size_t - $168size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { - libcrux_sha3_generic_keccak_KeccakState_48 inner; +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_97_s { + libcrux_sha3_generic_keccak_KeccakState_17 inner; uint8_t buf[1U][168U]; size_t buf_len; bool sponge; -} libcrux_sha3_generic_keccak_KeccakXofState_78; +} libcrux_sha3_generic_keccak_KeccakXofState_97; -typedef libcrux_sha3_generic_keccak_KeccakXofState_78 +typedef libcrux_sha3_generic_keccak_KeccakXofState_97 libcrux_sha3_portable_incremental_Shake128Absorb; /** @@ -721,14 +728,19 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_c60( + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { - if (self->buf_len + input_len >= (size_t)168U) { - consumed = (size_t)168U - self->buf_len; + if ( + /* There's something buffered internally to consume. */ self->buf_len + + input_len >= + (size_t)168U) { + consumed = (size_t)168U - /* We have enough data when combining the + internal buffer and the input. */ + self->buf_len; { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( 
@@ -755,15 +767,15 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_c60( + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_c60(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -779,8 +791,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_350(uu____2, uu____3); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_3a(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); self->buf_len = (size_t)0U; } size_t input_to_consume = @@ -796,8 +808,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_portable_keccak_load_block_5a_350(uu____4, ret); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_5a_3a(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } return remainder; } 
@@ -825,16 +837,18 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_c60( + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); - if (input_remainder_len > (size_t)0U) { + libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs); + if ( + /* ... buffer the rest if there's not enough input (left). */ + input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; @@ -857,12 +871,12 @@ This function found in impl libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline void libcrux_sha3_portable_incremental_absorb_1c( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_c60(self, buf); } -typedef libcrux_sha3_generic_keccak_KeccakXofState_78 +typedef libcrux_sha3_generic_keccak_KeccakXofState_97 libcrux_sha3_portable_incremental_Shake128Squeeze; /** 
@@ -883,15 +897,15 @@ with const generics - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_9e0( + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice inputs[1U]) { - libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + libcrux_sha3_generic_keccak_KeccakXofState_97 *uu____0 = self; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_c60(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -922,8 +936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( uint64_t(*uu____6)[5U] = self->inner.st; uint8_t uu____7[1U][200U]; memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____6, uu____7); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } /** 
@@ -931,11 +945,11 @@ This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for libcrux_sha3::portable::incremental::Shake128Absorb)} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +static inline libcrux_sha3_generic_keccak_KeccakXofState_97 libcrux_sha3_portable_incremental_absorb_final_1c( - libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { + libcrux_sha3_generic_keccak_KeccakXofState_97 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_9e0(&self, buf); return self; } @@ -953,7 +967,7 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_c60( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1139,12 +1153,12 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { - libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); +static inline libcrux_sha3_generic_keccak_KeccakXofState_97 +libcrux_sha3_generic_keccak_new_8b_c60(void) { + libcrux_sha3_generic_keccak_KeccakXofState_97 lit; + lit.inner = libcrux_sha3_generic_keccak_new_89_04(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_c60(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; 
@@ -1156,9 +1170,9 @@ This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for libcrux_sha3::portable::incremental::Shake128Absorb)} */ -static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +static inline libcrux_sha3_generic_keccak_KeccakXofState_97 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_8b_c60(); } /** @@ -1173,7 +1187,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_5b( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; @@ -1214,17 +1228,23 @@ with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c6( + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)136U; size_t last = out_len - out_len % (size_t)136U; size_t mid; - if ((size_t)136U >= out_len) { + if ((size_t)136U >= + /* Squeeze out one to start with. XXX: Eurydice does not extract + `core::cmp::min`, so we do this instead. (cf. + https://github.com/AeneasVerif/eurydice/issues/49) */ + out_len + + ) { mid = out_len; } else { mid = (size_t)136U; 
@@ -1235,33 +1255,40 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out00); - core_ops_range_Range_b3 iter = + libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out00); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + (CLITERAL(core_ops_range_Range_08){ + .start = (size_t)1U, + .end = /* If we got asked for more than one block, squeeze out + more. */ + blocks}), + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we + always have full + blocks to write out. 
+ */ + out_rest, (size_t)136U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); - libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); + libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); - libcrux_sha3_portable_keccak_store_5a_81(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); + libcrux_sha3_portable_keccak_store_5a_5b(self->inner.st, out_rest); } self->sponge = true; } @@ -1275,9 +1302,9 @@ This function found in impl libcrux_sha3::portable::incremental::Shake256Squeeze)#3} */ static inline void libcrux_sha3_portable_incremental_squeeze_8a( - libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakXofState_e2 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_c6(self, buf); } /** @@ -1292,7 +1319,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_3a( uint64_t (*state)[5U], Eurydice_slice out[1U]) { size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; 
@@ -1333,17 +1360,23 @@ with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_c60( + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out[1U]) { if (self->sponge) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); } size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)168U; size_t last = out_len - out_len % (size_t)168U; size_t mid; - if ((size_t)168U >= out_len) { + if ((size_t)168U >= + /* Squeeze out one to start with. XXX: Eurydice does not extract + `core::cmp::min`, so we do this instead. (cf. + https://github.com/AeneasVerif/eurydice/issues/49) */ + out_len + + ) { mid = out_len; } else { mid = (size_t)168U; 
@@ -1354,33 +1387,40 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice out_rest[1U]; memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out00); - core_ops_range_Range_b3 iter = + libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out00); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + (CLITERAL(core_ops_range_Range_08){ + .start = (size_t)1U, + .end = /* If we got asked for more than one block, squeeze out + more. */ + blocks}), + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + libcrux_sha3_portable_keccak_split_at_mut_n_5a(/* Here we know that we + always have full + blocks to write out. 
+ */ + out_rest, (size_t)168U); Eurydice_slice out0[1U]; memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice tmp[1U]; memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); - libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out0); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); + libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out0); memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < out_len) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&self->inner); - libcrux_sha3_portable_keccak_store_5a_810(self->inner.st, out_rest); + libcrux_sha3_generic_keccak_keccakf1600_04(&self->inner); + libcrux_sha3_portable_keccak_store_5a_3a(self->inner.st, out_rest); } self->sponge = true; } @@ -1394,18 +1434,18 @@ This function found in impl libcrux_sha3::portable::incremental::Shake128Squeeze)#1} */ static inline void libcrux_sha3_portable_incremental_squeeze_10( - libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { + libcrux_sha3_generic_keccak_KeccakXofState_97 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_c60(self, buf); } /** This function found in impl {(core::clone::Clone for libcrux_sha3::portable::KeccakState)} */ -static inline libcrux_sha3_generic_keccak_KeccakState_48 +static inline libcrux_sha3_generic_keccak_KeccakState_17 libcrux_sha3_portable_clone_3d( - libcrux_sha3_generic_keccak_KeccakState_48 *self) { + libcrux_sha3_generic_keccak_KeccakState_17 *self) { return self[0U]; } diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index dbe3aec09..25313e254 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h 
@@ -81,6 +81,8 @@
 #define KRML_NOINLINE __declspec(noinline)
 #elif defined(__GNUC__)
 #define KRML_NOINLINE __attribute__((noinline, unused))
+#elif defined(__SUNPRO_C)
+#define KRML_NOINLINE __attribute__((noinline))
 #else
 #define KRML_NOINLINE
 #warning "The KRML_NOINLINE macro is not defined for this toolchain!"
@@ -95,6 +97,8 @@
 #define KRML_MUSTINLINE inline __forceinline
 #elif defined(__GNUC__)
 #define KRML_MUSTINLINE inline __attribute__((always_inline))
+#elif defined(__SUNPRO_C)
+#define KRML_MUSTINLINE inline __attribute__((always_inline))
 #else
 #define KRML_MUSTINLINE inline
 #warning \
@@ -209,6 +213,8 @@ inline static int32_t krml_time(void) { return (int32_t)time(NULL); }
 #elif defined(__GNUC__)
 /* deprecated attribute is not defined in GCC < 4.5. */
 #define KRML_DEPRECATED(x)
+#elif defined(__SUNPRO_C)
+#define KRML_DEPRECATED(x) __attribute__((deprecated(x)))
 #elif defined(_MSC_VER)
 #define KRML_DEPRECATED(x) __declspec(deprecated(x))
 #endif
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index d9873deab..110766e1c 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "internal/libcrux_core.h"
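Review bot: The new arms test only `__SUNPRO_C`, which Oracle's C front end defines; its C++ front end defines `__SUNPRO_CC` instead, so a C++ translation unit built with that toolchain skips the new branches and falls into the existing `#else` fallback (`#warning` for `KRML_NOINLINE` and `KRML_MUSTINLINE`, and `KRML_DEPRECATED` left undefined by the third hunk's chain). If C++ consumers of this header are in scope, `#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC)` in all three hunks (-81, -95 and -209) covers both front ends. The message form `__attribute__((deprecated(x)))` added in the third hunk is also worth confirming against the Studio version actually used, since the bare `deprecated` attribute is the more widely supported spelling and the GCC arm just above deliberately defines the macro empty for the same reason. The opening `#if` of each preprocessor chain is outside the hunk.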
@@ -91,12 +91,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( +libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_types_from_40_af( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; + libcrux_ml_kem_types_MlKemPublicKey_64 lit; memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -114,9 +114,9 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_94( + libcrux_ml_kem_types_MlKemPrivateKey_83 sk, + libcrux_ml_kem_types_MlKemPublicKey_64 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } @@ -130,12 +130,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( +libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_types_from_88_39( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + libcrux_ml_kem_types_MlKemPrivateKey_83 lit; memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } 
@@ -149,12 +149,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( +libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_types_from_40_d0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; + libcrux_ml_kem_types_MlKemPublicKey_30 lit; memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -172,9 +172,9 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_74( + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk, + libcrux_ml_kem_types_MlKemPublicKey_30 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } @@ -188,12 +188,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( +libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_types_from_88_28( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + libcrux_ml_kem_types_MlKemPrivateKey_d9 lit; memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } 
@@ -207,12 +207,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( +libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_types_from_40_4d( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; + libcrux_ml_kem_types_MlKemPublicKey_52 lit; memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -230,10 +230,10 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_types_from_17_fa( + libcrux_ml_kem_types_MlKemPrivateKey_fa sk, + libcrux_ml_kem_types_MlKemPublicKey_52 pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_3e){.sk = sk, .pk = pk}); } /** @@ -245,12 +245,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( +libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_types_from_88_2a( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + libcrux_ml_kem_types_MlKemPrivateKey_fa lit; memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } 
@@ -266,8 +266,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_ba_d0( + libcrux_ml_kem_types_MlKemPublicKey_30 *self) { return self->value; } @@ -280,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_80( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -299,7 +299,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_80( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -312,8 +312,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, - uint8_t ret[1120U]) { +void libcrux_ml_kem_utils_into_padded_array_15(Eurydice_slice slice, + uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( @@ -334,8 +334,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_ba_4d( + libcrux_ml_kem_types_MlKemPublicKey_52 *self) { return self->value; } 
@@ -348,12 +348,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_types_from_fc_d0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + libcrux_ml_kem_types_MlKemCiphertext_1a lit; memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -367,8 +367,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_d0( + libcrux_ml_kem_types_MlKemCiphertext_1a *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -380,8 +380,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[800U]) { +void libcrux_ml_kem_utils_into_padded_array_4d(Eurydice_slice slice, + uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( @@ -402,8 +402,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_ba_af( + libcrux_ml_kem_types_MlKemPublicKey_64 *self) { return self->value; } 
@@ -416,7 +416,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_b3(core_result_Result_fb self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -436,8 +436,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, - uint8_t ret[34U]) { +void libcrux_ml_kem_utils_into_padded_array_b6(Eurydice_slice slice, + uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( @@ -456,12 +456,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_types_from_fc_af( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_1f lit; + libcrux_ml_kem_types_MlKemCiphertext_64 lit; memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -474,8 +474,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[33U]) { +void libcrux_ml_kem_utils_into_padded_array_c8(Eurydice_slice slice, + uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( 
@@ -494,8 +494,8 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( - libcrux_ml_kem_types_MlKemCiphertext_1f *self) { +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_af( + libcrux_ml_kem_types_MlKemCiphertext_64 *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -507,8 +507,8 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[1600U]) { +void libcrux_ml_kem_utils_into_padded_array_7f(Eurydice_slice slice, + uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( @@ -526,7 +526,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_24(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -546,7 +546,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_70(core_result_Result_b2 self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -567,7 +567,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_20(core_result_Result_e1 self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); 
@@ -588,7 +588,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_ce(core_result_Result_9d self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -609,7 +609,7 @@ A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_00(core_result_Result_0a self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -630,7 +630,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b6fc94baa..009864abd 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_core_H @@ -25,30 +25,30 @@ A monomorphic instance of core.ops.range.Range with types size_t */ -typedef struct core_ops_range_Range_b3_s { +typedef struct core_ops_range_Range_08_s { size_t start; size_t end; -} core_ops_range_Range_b3; +} core_ops_range_Range_08; #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result_86_tags; +typedef uint8_t core_result_Result_a9_tags; #define core_option_None 0 #define core_option_Some 1 -typedef uint8_t core_option_Option_ef_tags; +typedef uint8_t core_option_Option_9e_tags; /** A monomorphic instance of core.option.Option with types size_t */ -typedef struct core_option_Option_b3_s { - core_option_Option_ef_tags tag; +typedef struct core_option_Option_08_s { + core_option_Option_9e_tags tag; size_t f0; -} core_option_Option_b3; +} core_option_Option_08; static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); 
@@ -59,22 +59,22 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics - $1568size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { +typedef struct libcrux_ml_kem_types_MlKemPublicKey_64_s { uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemPublicKey_1f; +} libcrux_ml_kem_types_MlKemPublicKey_64; /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics - $3168size_t */ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s { +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_83_s { uint8_t value[3168U]; -} libcrux_ml_kem_types_MlKemPrivateKey_95; +} libcrux_ml_kem_types_MlKemPrivateKey_83; typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_95 sk; - libcrux_ml_kem_types_MlKemPublicKey_1f pk; + libcrux_ml_kem_types_MlKemPrivateKey_83 sk; + libcrux_ml_kem_types_MlKemPublicKey_64 pk; } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; /** @@ -82,22 +82,22 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics - $1184size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { +typedef struct libcrux_ml_kem_types_MlKemPublicKey_30_s { uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; +} libcrux_ml_kem_types_MlKemPublicKey_30; /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics - $2400size_t */ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_d9_s { uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; +} libcrux_ml_kem_types_MlKemPrivateKey_d9; typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; + libcrux_ml_kem_types_MlKemPrivateKey_d9 sk; + libcrux_ml_kem_types_MlKemPublicKey_30 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; /** 
@@ -105,18 +105,18 @@ A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics - $800size_t */ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { +typedef struct libcrux_ml_kem_types_MlKemPublicKey_52_s { uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; +} libcrux_ml_kem_types_MlKemPublicKey_52; /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics - $1632size_t */ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_fa_s { uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; +} libcrux_ml_kem_types_MlKemPrivateKey_fa; /** A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair @@ -124,10 +124,10 @@ with const generics - $1632size_t - $800size_t */ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; +typedef struct libcrux_ml_kem_types_MlKemKeyPair_3e_s { + libcrux_ml_kem_types_MlKemPrivateKey_fa sk; + libcrux_ml_kem_types_MlKemPublicKey_52 pk; +} libcrux_ml_kem_types_MlKemKeyPair_3e; typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; 
@@ -139,38 +139,38 @@ with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], uint8_t[32size_t] */ -typedef struct tuple_3c_s { +typedef struct tuple_c2_s { libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; uint8_t snd[32U]; -} tuple_3c; +} tuple_c2; /** A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext with const generics - $768size_t */ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { +typedef struct libcrux_ml_kem_types_MlKemCiphertext_1a_s { uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; +} libcrux_ml_kem_types_MlKemCiphertext_1a; /** A monomorphic instance of K. with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] */ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; +typedef struct tuple_41_s { + libcrux_ml_kem_types_MlKemCiphertext_1a fst; uint8_t snd[32U]; -} tuple_ec; +} tuple_41; /** A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext with const generics - $1568size_t */ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_1f_s { +typedef struct libcrux_ml_kem_types_MlKemCiphertext_64_s { uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemCiphertext_1f; +} libcrux_ml_kem_types_MlKemCiphertext_64; /** A monomorphic instance of K. 
@@ -178,23 +178,23 @@ with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], uint8_t[32size_t] */ -typedef struct tuple_21_s { - libcrux_ml_kem_types_MlKemCiphertext_1f fst; +typedef struct tuple_fa_s { + libcrux_ml_kem_types_MlKemCiphertext_64 fst; uint8_t snd[32U]; -} tuple_21; +} tuple_fa; /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_56_s { - core_result_Result_86_tags tag; +typedef struct core_result_Result_15_s { + core_result_Result_a9_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; } val; -} core_result_Result_56; +} core_result_Result_15; /** This function found in impl {core::result::Result[TraitClause@0, @@ -205,7 +205,7 @@ A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_68(core_result_Result_15 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index b3a6aef7e..5ecb952af 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem1024_H @@ -70,13 +70,13 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) -typedef libcrux_ml_kem_types_MlKemCiphertext_1f +typedef libcrux_ml_kem_types_MlKemCiphertext_64 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; -typedef libcrux_ml_kem_types_MlKemPrivateKey_95 +typedef libcrux_ml_kem_types_MlKemPrivateKey_83 libcrux_ml_kem_mlkem1024_MlKem1024PrivateKey; -typedef libcrux_ml_kem_types_MlKemPublicKey_1f +typedef libcrux_ml_kem_types_MlKemPublicKey_64 libcrux_ml_kem_mlkem1024_MlKem1024PublicKey; #define LIBCRUX_ML_KEM_MLKEM1024_RANKED_BYTES_PER_RING_ELEMENT_1024 \ diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index ead7903df..83d469592 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_800( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_970(private_key, ciphertext, ret); +static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_a10(private_key, ciphertext, ret); } /** @@ -52,9 +52,9 @@ static void decapsulate_800( [`MlKem1024Ciphertext`]. */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_800(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { + decapsulate_e0(private_key, ciphertext, ret); } /** 
@@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_4d0( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +static tuple_fa encapsulate_8f( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9c0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_700(uu____0, copy_of_randomness); } /** @@ -91,14 +91,14 @@ static tuple_21 encapsulate_4d0( The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4d0(uu____0, copy_of_randomness); + return encapsulate_8f(uu____0, copy_of_randomness); } /** 
@@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_740( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c9( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d60(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_740(copy_of_randomness); + return generate_keypair_c9(copy_of_randomness); } /** @@ -145,11 +145,11 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_2d0( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d0(private_key, - ciphertext); +static KRML_MUSTINLINE bool validate_private_key_6b( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_b9(private_key, + ciphertext); } /** 
@@ -158,9 +158,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d0( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_2d0(private_key, ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) { + return validate_private_key_6b(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_050(public_key); +static KRML_MUSTINLINE bool validate_public_key_6b(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_1e(public_key); } /** @@ -184,6 +184,6 @@ static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_060(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key) { + return validate_public_key_6b(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 0137867e0..1716b8a87 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -29,8 +29,8 @@ extern "C" { [`MlKem1024Ciphertext`]. */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 @@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_mlkem1024_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]); /** @@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext); /** Validate a public key. 
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 44f7cd132..5117eef64 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem1024_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a1(private_key, ciphertext, ret); +static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_621(private_key, ciphertext, ret); } /** 
@@ -52,9 +52,9 @@ static void decapsulate_c41( [`MlKem1024Ciphertext`]. */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_c41(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { + decapsulate_e0(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_591( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +static tuple_fa encapsulate_8f( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b11(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ca1(uu____0, copy_of_randomness); } /** 
@@ -91,14 +91,14 @@ static tuple_21 encapsulate_591( The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_mlkem1024_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_64 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_591(uu____0, copy_of_randomness); + return encapsulate_8f(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6b1( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c9( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_541(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f81(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b1(copy_of_randomness); + return generate_keypair_c9(copy_of_randomness); } /** 
@@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_7c1( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_0f(private_key, +static KRML_MUSTINLINE bool validate_private_key_6b( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_b5(private_key, ciphertext); } @@ -159,9 +159,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c1( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_7c1(private_key, ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext) { + return validate_private_key_6b(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); +static KRML_MUSTINLINE bool validate_public_key_6b(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); } /** @@ -185,6 +185,6 @@ static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_981(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key) { + return validate_public_key_6b(public_key->value); } 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index f90019244..51024a3d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem1024_portable_H @@ -29,8 +29,8 @@ extern "C" { [`MlKem1024Ciphertext`]. */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 @@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_mlkem1024_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]); /** 
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext); /** Validate a public key. @@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index c5a45c75e..49cfcc358 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem512_H 
@@ -68,16 +68,16 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) -typedef libcrux_ml_kem_types_MlKemCiphertext_e8 +typedef libcrux_ml_kem_types_MlKemCiphertext_1a libcrux_ml_kem_mlkem512_MlKem512Ciphertext; -typedef libcrux_ml_kem_types_MlKemKeyPair_cb +typedef libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_mlkem512_MlKem512KeyPair; -typedef libcrux_ml_kem_types_MlKemPrivateKey_5e +typedef libcrux_ml_kem_types_MlKemPrivateKey_fa libcrux_ml_kem_mlkem512_MlKem512PrivateKey; -typedef libcrux_ml_kem_types_MlKemPublicKey_be +typedef libcrux_ml_kem_types_MlKemPublicKey_52 libcrux_ml_kem_mlkem512_MlKem512PublicKey; #define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index dbd91535d..b476643b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem512_avx2.h" 
@@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, +static void decapsulate_69(libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_97(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a1(private_key, ciphertext, ret); } /** @@ -52,9 +52,9 @@ static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, [`MlKem512Ciphertext`]. */ void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_80(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { + decapsulate_69(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_4d( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +static tuple_41 encapsulate_35( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9c(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_70(uu____0, copy_of_randomness); } /** 
@@ -91,14 +91,14 @@ static tuple_ec encapsulate_4d( The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4d(uu____0, copy_of_randomness); + return encapsulate_35(uu____0, copy_of_randomness); } /** @@ -115,23 +115,23 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_74( +static libcrux_ml_kem_types_MlKemKeyPair_3e generate_keypair_a8( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d6(copy_of_randomness); } /** Generate ML-KEM 512 Key Pair */ -libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_74(copy_of_randomness); + return generate_keypair_a8(copy_of_randomness); } /** 
@@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_2d( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d(private_key, +static KRML_MUSTINLINE bool validate_private_key_1c( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_ad(private_key, ciphertext); } @@ -158,9 +158,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_2d(private_key, ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) { + return validate_private_key_1c(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_05(public_key); +static KRML_MUSTINLINE bool validate_public_key_1c(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_ba(public_key); } /** @@ -184,6 +184,6 @@ static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_06(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key) { + return validate_public_key_1c(public_key->value); } 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 52b13f940..c7cfea82e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem512_avx2_H @@ -29,8 +29,8 @@ extern "C" { [`MlKem512Ciphertext`]. */ void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 512 @@ -39,14 +39,14 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_mlkem512_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]); /** Generate ML-KEM 512 Key Pair */ -libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); /** 
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext); /** Validate a public key. @@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key); + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 1ccf583ba..585d047b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem512_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a0(private_key, ciphertext, ret); +static void decapsulate_69(libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_620(private_key, ciphertext, ret); } /** @@ -52,9 +52,9 @@ static void decapsulate_c40( [`MlKem512Ciphertext`]. */ void libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { + decapsulate_69(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_590( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +static tuple_41 encapsulate_35( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ca0(uu____0, copy_of_randomness); } /** 
@@ -91,14 +91,14 @@ static tuple_ec encapsulate_590( The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_mlkem512_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_52 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_590(uu____0, copy_of_randomness); + return encapsulate_35(uu____0, copy_of_randomness); } /** @@ -116,23 +116,23 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6b0( +static libcrux_ml_kem_types_MlKemKeyPair_3e generate_keypair_a8( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f80(copy_of_randomness); } /** Generate ML-KEM 512 Key Pair */ -libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b0(copy_of_randomness); + return generate_keypair_a8(copy_of_randomness); } /** 
@@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_7c0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, +static KRML_MUSTINLINE bool validate_private_key_1c( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_fb(private_key, ciphertext); } @@ -159,9 +159,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c0( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_7c0(private_key, ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext) { + return validate_private_key_1c(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); +static KRML_MUSTINLINE bool validate_public_key_1c(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_86(public_key); } /** @@ -185,6 +185,6 @@ static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_980(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key) { + return validate_public_key_1c(public_key->value); } 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 1d12a463f..8f8343374 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem512_portable_H @@ -29,8 +29,8 @@ extern "C" { [`MlKem512Ciphertext`]. */ void libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 512 @@ -39,14 +39,14 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_mlkem512_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]); /** Generate ML-KEM 512 Key Pair */ -libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); /** 
@@ -55,8 +55,8 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext); /** Validate a public key. @@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key); + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 8c310f854..fcf432f4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem768_H 
@@ -68,10 +68,10 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 +typedef libcrux_ml_kem_types_MlKemPrivateKey_d9 libcrux_ml_kem_mlkem768_MlKem768PrivateKey; -typedef libcrux_ml_kem_types_MlKemPublicKey_15 +typedef libcrux_ml_kem_types_MlKemPublicKey_30 libcrux_ml_kem_mlkem768_MlKem768PublicKey; #define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 40d410fc0..d15af93e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_801( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +static void decapsulate_35( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_971(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a11(private_key, ciphertext, ret); } /** 
@@ -52,9 +52,9 @@ static void decapsulate_801( [`MlKem768Ciphertext`]. */ void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_801(private_key, ciphertext, ret); + decapsulate_35(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4d1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +static tuple_c2 encapsulate_cd( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9c1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_701(uu____0, copy_of_randomness); } /** @@ -91,14 +91,14 @@ static tuple_3c encapsulate_4d1( The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4d1(uu____0, copy_of_randomness); + return encapsulate_cd(uu____0, copy_of_randomness); } /** 
@@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_741( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c6( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_511(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d61(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_741(copy_of_randomness); + return generate_keypair_c6(copy_of_randomness); } /** @@ -145,11 +145,11 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_2d1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +static KRML_MUSTINLINE bool validate_private_key_31( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d1(private_key, - ciphertext); + return libcrux_ml_kem_ind_cca_validate_private_key_12(private_key, + ciphertext); } /** 
@@ -158,9 +158,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d1( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_2d1(private_key, ciphertext); + return validate_private_key_31(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_051(public_key); +static KRML_MUSTINLINE bool validate_public_key_31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_ed(public_key); } /** @@ -184,6 +184,6 @@ static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_061(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) { + return validate_public_key_31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index a2ee6c8d8..6e7e4feaf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem768_avx2_H @@ -29,7 +29,7 @@ extern "C" { [`MlKem768Ciphertext`]. */ void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** @@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]); /** @@ -55,7 +55,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); /** 
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 67296e121..4a1407f11 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +static void decapsulate_35( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_62(private_key, ciphertext, ret); } /** 
@@ -52,9 +52,9 @@ static void decapsulate_c4( [`MlKem768Ciphertext`]. */ void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c4(private_key, ciphertext, ret); + decapsulate_35(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_59( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +static tuple_c2 encapsulate_cd( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_ca(uu____0, copy_of_randomness); } /** 
@@ -91,14 +91,14 @@ static tuple_3c encapsulate_59( The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + libcrux_ml_kem_types_MlKemPublicKey_30 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_59(uu____0, copy_of_randomness); + return encapsulate_cd(uu____0, copy_of_randomness); } /** @@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6b( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c6( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f8(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b(copy_of_randomness); + return generate_keypair_c6(copy_of_randomness); } /** 
@@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_7c( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +static KRML_MUSTINLINE bool validate_private_key_31( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_37(private_key, ciphertext); } @@ -159,9 +159,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_7c(private_key, ciphertext); + return validate_private_key_31(private_key, ciphertext); } /** @@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); +static KRML_MUSTINLINE bool validate_public_key_31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); } /** @@ -185,6 +185,6 @@ static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_98(public_key->value); + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key) { + return validate_public_key_31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 8ba4db78e..8f8e23c26 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem768_portable_H @@ -29,7 +29,7 @@ extern "C" { [`MlKem768Ciphertext`]. */ void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** @@ -39,8 +39,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. */ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_mlkem768_portable_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]); /** @@ -55,7 +55,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); /** 
@@ -64,7 +64,7 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 21d70b037..2718c2613 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "internal/libcrux_mlkem_avx2.h" 
@@ -135,11 +135,16 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { __m256i field_modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i v_minus_field_modulus = + mm256_sub_epi16(/* Compute v_i - Q and crate a mask from the sign bit of + each of these quantities. */ + vector, + field_modulus); __m256i sign_mask = mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); - __m256i conditional_add_field_modulus = - mm256_and_si256(sign_mask, field_modulus); + __m256i conditional_add_field_modulus = mm256_and_si256( + /* If v_i - Q < 0 then add back Q to (v_i - Q). */ sign_mask, + field_modulus); return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } @@ -443,6 +448,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + /* Compute the first term of the product */ __m256i shuffle_with = mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, @@ -450,7 +456,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled = + mm256_shuffle_epi8(/* Prepare the left hand side */ lhs, shuffle_with); __m256i lhs_shuffled0 = mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); 
@@ -458,7 +465,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i lhs_odds = mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled = + mm256_shuffle_epi8(/* Prepare the right hand side */ rhs, shuffle_with); __m256i rhs_shuffled0 = mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); @@ -466,7 +474,8 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m128i rhs_odds = mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); - __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i left = + mm256_mullo_epi32(/* Start operating with them */ lhs_evens0, rhs_evens0); __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); @@ -479,7 +488,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( - rhs, + /* Compute the second term of the product */ rhs, mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, @@ -493,8 +502,9 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( products_right); __m256i products_right1 = mm256_slli_epi32((int32_t)16, products_right0, __m256i); - return mm256_blend_epi16((int32_t)170, products_left0, products_right1, - __m256i); + return mm256_blend_epi16((int32_t)170, + /* Combine them into one vector */ products_left0, + products_right1, __m256i); } /** 
@@ -511,11 +521,44 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = mm_movemask_epi8(msbs); + __m256i lsb_to_msb = mm256_slli_epi16( + (int32_t)15, + /* Suppose |vector| is laid out as follows (superscript number indicates + the corresponding bit is duplicated that many times): 0¹⁵a₀ 0¹⁵b₀ 0¹⁵c₀ + 0¹⁵d₀ | 0¹⁵e₀ 0¹⁵f₀ 0¹⁵g₀ 0¹⁵h₀ | ... We care only about the least + significant bit in each lane, move it to the most significant position + to make it easier to work with. |vector| now becomes: a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ + d₀0¹⁵ | e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ | ↩ i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ l₀0¹⁵ | m₀0¹⁵ + n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ */ + vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128( + /* Get the first 8 16-bit elements ... */ lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256( + (int32_t)1, + /* ... and the next 8 16-bit elements ... */ lsb_to_msb, __m128i); + __m128i msbs = + mm_packs_epi16(/* ... and then pack them into 8-bit values using signed + saturation. This function packs all the |low_msbs|, and + then the high ones. low_msbs = a₀0¹⁵ b₀0¹⁵ c₀0¹⁵ d₀0¹⁵ | + e₀0¹⁵ f₀0¹⁵ g₀0¹⁵ h₀0¹⁵ high_msbs = i₀0¹⁵ j₀0¹⁵ k₀0¹⁵ + l₀0¹⁵ | m₀0¹⁵ n₀0¹⁵ o₀0¹⁵ p₀0¹⁵ We shifted by 15 above + to take advantage of the signed saturation performed by + mm_packs_epi16: - if the sign bit of the 16-bit element + being packed is 1, the corresponding 8-bit element in + |msbs| will be 0xFF. - if the sign bit of the 16-bit + element being packed is 0, the corresponding 8-bit + element in |msbs| will be 0. 
Thus, if, for example, a₀ = + 1, e₀ = 1, and p₀ = 1, and every other bit is 0, after + packing into 8 bit value, |msbs| will look like: 0xFF + 0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00 + 0x00 | 0x00 0x00 0x00 0xFF */ + low_msbs, + high_msbs); + int32_t bits_packed = + mm_movemask_epi8(/* Now that every element is either 0xFF or 0x00, we just + extract the most significant bit from each element and + collate them into two bytes. */ + msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); @@ -534,7 +577,19 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index( + bytes, + /* We need to take each bit from the 2 bytes of input and put them + into their own 16-bit lane. Ideally, we'd load the two bytes into + the vector, duplicate them, and right-shift the 0th element by 0 + bits, the first element by 1 bit, the second by 2 bits and so on + before AND-ing with 0x1 to leave only the least signifinicant bit. + But since |_mm256_srlv_epi16| does not exist, so we have to resort + to a workaround. Rather than shifting each element by a different + amount, we'll multiply each element by a value such that the bit + we're interested in becomes the most significant bit. The + coefficients are loaded as follows: */ + (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), 
@@ -557,7 +612,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); __m256i coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); + return mm256_srli_epi16( + (int32_t)15, + /* Now that they're all in the most significant bit position, shift them + down to the least significant bit. */ + coefficients_in_msb, __m256i); } /** 
@@ -571,35 +630,61 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_2_combined, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - __m256i combined = mm256_permutevar8x32_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m256i adjacent_2_combined = + mm256_madd_epi16(/* If |vector| is laid out as follows: 0x000A 0x000B + 0x000C 0x000D | 0x000E 0x000F 0x000G 0x000H | .... + |adjacent_2_combined| will be laid out as a series of + 32-bit integeres, as follows: 0x00_00_00_BA + 0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... 
*/ + vector, + mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, + (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, + (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, + (int16_t)1)); + __m256i adjacent_8_combined = + mm256_shuffle_epi8(/* Recall that |adjacent_2_combined| goes as follows: + 0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE + 0x00_00_00_HG | ... Out of this, we only need the + first byte, the 4th byte, the 8th byte and so on + from the bottom and the top 128 bits. */ + adjacent_2_combined, + mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = + mm256_permutevar8x32_epi32(/* |adjacent_8_combined| looks like this: 0: + 0xHG_FE_DC_BA 1: 0x00_00_00_00 | 2: + 0x00_00_00_00 3: 0x00_00_00_00 | 4: + 0xPO_NM_LK_JI .... We put the element at 4 + after the element at 0 ... */ + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, + (int32_t)4, (int32_t)0)); __m128i combined0 = mm256_castsi256_si128(combined); mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); + Eurydice_array_to_slice( + (size_t)16U, + /* ... so that we can read them out in one go. 
*/ serialized, + uint8_t), + combined0); uint8_t ret0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, ret0); + core_result_unwrap_26_68(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -615,9 +700,24 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index( + bytes, + /* Every 4 bits from each byte of input should be put into its own + 16-bit lane. Since |_mm256_srlv_epi16| does not exist, we have to + resort to a workaround. Rather than shifting each element by a + different amount, we'll multiply each element by a value such that + the bits we're interested in become the most significant bits (of + an 8-bit value). In this lane, the 4 bits we need to put are + already the most significant bits of |bytes[7]|. */ + (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index( + bytes, + /* In this lane, the 4 bits we need to put are the least significant + bits, so we need to shift the 4 least-significant bits of + |bytes[7]| to the most significant bits (of an 8-bit value). */ + (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, /* and so on ... */ (size_t)6U, + uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), 
@@ -638,9 +738,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); __m256i coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = - mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); - return mm256_and_si256(coefficients_in_lsb, + __m256i coefficients_in_lsb = mm256_srli_epi16( + (int32_t)4, + /* Once the 4-bit coefficients are in the most significant positions (of + an 8-bit value), shift them all down by 4. */ + coefficients_in_msb, __m256i); + return mm256_and_si256(/* Zero the remaining bits. */ coefficients_in_lsb, mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } 
@@ -655,42 +758,88 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = - mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = mm256_sllv_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_2_combined = + mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number + indicates the corresponding bit is duplicated that + many times): 0¹¹a₄a₃a₂a₁a₀ 0¹¹b₄b₃b₂b₁b₀ 0¹¹c₄c₃c₂c₁c₀ + 0¹¹d₄d₃d₂d₁d₀ | ↩ 0¹¹e₄e₃e₂e₁e₀ 0¹¹f₄f₃f₂f₁f₀ + 0¹¹g₄g₃g₂g₁g₀ 0¹¹h₄h₃h₂h₁h₀ | ↩ |adjacent_2_combined| + will be laid out as a series of 32-bit integers, as + follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ + 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ + 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... 
*/ + vector, + mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, + (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, + (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, + (int16_t)1)); + __m256i adjacent_4_combined = + mm256_sllv_epi32(/* Recall that |adjacent_2_combined| is laid out as + follows: 0²²b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ + 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | ↩ 0²²f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ + 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ .... This shift results + in: b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀ | + ↩ f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀ | ↩ + .... */ + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = mm256_srli_epi64( + (int32_t)22, + /* |adjacent_4_combined|, when viewed as 64-bit lanes, is: + 0²²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀0²² | ↩ + 0²²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀0²² | ↩ ... so we just shift + down by 22 bits to remove the least significant 0 bits that aren't part + of the bits we need. */ + adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi32( + (int32_t)8, + /* |adjacent_4_combined|, when viewed as a set of 32-bit values, looks + like: 0:0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ 1:0³² + 2:0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 3:0³² | ↩ To be able to + read out the bytes in one go, we need to shifts the bits in position 2 + to position 1 in each 128-bit lane. 
*/ + adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = + mm256_sllv_epi32(/* |adjacent_8_combined|, when viewed as a set of 32-bit + values, now looks like: + 0¹²d₄d₃d₂d₁d₀c₄c₃c₂c₁c₀b₄b₃b₂b₁b₀a₄a₃a₂a₁a₀ + 0¹²h₄h₃h₂h₁h₀g₄g₃g₂g₁g₀f₄f₃f₂f₁f₀e₄e₃e₂e₁e₀ 0³² 0³² | + ↩ Once again, we line these bits up by shifting the up + values at indices 0 and 5 by 12, viewing the resulting + register as a set of 64-bit values, and then shifting + down the 64-bit values by 12 bits. */ + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)12)); __m256i adjacent_8_combined1 = mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); + __m128i lower_8 = + mm256_castsi256_si128(/* We now have 40 bits starting at position 0 in the + lower 128-bit lane, ... */ + adjacent_8_combined1); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + __m128i upper_8 = mm256_extracti128_si256( + (int32_t)1, + /* ... and the second 40 bits at position 0 in the upper 128-bit lane */ + adjacent_8_combined1, __m128i); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; - core_result_Result_cd dst; + core_result_Result_9d dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_26_07(dst, ret0); + core_result_unwrap_26_ce(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } 
@@ -756,44 +905,88 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_2_combined = + mm256_madd_epi16(/* If |vector| is laid out as follows (superscript number + indicates the corresponding bit is duplicated that + many times): 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ + 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ + 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ + 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ + 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ ... |adjacent_2_combined| + will be laid out as a series of 32-bit integers, as + follows: 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ + 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ + 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ .... 
+ */ + vector, + mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = + mm256_sllv_epi32(/* Shifting up the values at the even indices by 12, we + get: b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² + 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² + 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ ... */ + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12)); __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined0, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm256_srli_epi64((int32_t)12, + /* Viewing this as a set of 64-bit integers we get: + 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² + | ↩ + 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² + | ↩ ... Shifting down by 12 gives us: + 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ + | ↩ + 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ + | ↩ ... 
*/ + adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi8(/* |adjacent_4_combined|, when the bottom and top 128 + bit-lanes are grouped into bytes, looks like: + 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ In + each 128-bit lane, we want to put bytes 8, 9, 10, + 11, 12 after bytes 0, 1, 2, 3 to allow for + sequential reading. */ + adjacent_4_combined0, + mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, + (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, + (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = + mm256_castsi256_si128(/* We now have 64 bits starting at position 0 in the + lower 128-bit lane, ... */ + adjacent_8_combined); mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + __m128i upper_8 = mm256_extracti128_si256( + (int32_t)1, + /* and 64 bits starting at position 0 in the upper 128-bit lane. */ + adjacent_8_combined, __m128i); mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); uint8_t ret0[20U]; - core_result_Result_7a dst; + core_result_Result_e1 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_26_ea(dst, ret0); + core_result_unwrap_26_20(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } 
@@ -915,12 +1108,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( (size_t)28U, uint8_t), upper_8); uint8_t ret0[24U]; - core_result_Result_6f dst; + core_result_Result_b2 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_26_76(dst, ret0); + core_result_unwrap_26_70(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -972,26 +1165,64 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( __m256i field_modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(/* The input bytes can + be interpreted as a + sequence of + serialized 12-bit + (i.e. uncompressed) + coefficients. Not + all coefficients + may be less than + FIELD_MODULUS + though. */ + input); __m256i compare_with_field_modulus = - mm256_cmpgt_epi16(field_modulus, potential_coefficients); + mm256_cmpgt_epi16(/* Suppose we view |potential_coefficients| as follows + (grouping 64-bit elements): A B C D | E F G H | .... + and A < 3329, D < 3329 and H < 3329, + |compare_with_field_modulus| will look like: 0xFF 0 0 + 0xFF | 0 0 0 0xFF | ... */ + field_modulus, + potential_coefficients); uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + libcrux_ml_kem_vector_avx2_serialize_serialize_1(/* Since every bit in each + lane is either 0 or 1, we + only need one bit from + each lane in the register + to tell us what + coefficients to keep and + what to throw-away. + Combine all the bits + (there are 16) into two + bytes. */ + compare_with_field_modulus, good); uint8_t lower_shuffles[16U]; memcpy(lower_shuffles, + /* Each bit (and its corresponding position) represents an element we + want to sample. We'd like all such elements to be next to each other + starting at index 0, so that they can be read from the vector + easily. |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level + shuffling indices needed to make this happen. For e.g. if good[0] = + 0b0_0_0_0_0_0_1_0, we need to move the element in the 2-nd 16-bit + lane to the first. To do this, we need the byte-level shuffle + indices to be 2 3 X X X X ... 
*/ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, + /* Shuffle the lower 8 16-bits accordingly ... */ lower_shuffles, + uint8_t)); __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = mm_shuffle_epi8(lower_coefficients, lower_shuffles0); - mm_storeu_si128(output, lower_coefficients0); + mm_storeu_si128(/* ... then write them out ... */ output, + lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, + /* Do the same for |goood[1]| */ libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); @@ -1036,8 +1267,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; +static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ZERO_d6_79(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); 
@@ -1069,9 +1300,9 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_to_reduced_ring_element_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1094,9 +1325,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b1( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1107,8 +1338,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } 
@@ -1126,16 +1357,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_b1( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_79();); + deserialize_ring_elements_reduced_b1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -1143,7 +1374,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_84(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_ef(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1156,8 +1387,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_fc(__m256i vector) { - return shift_right_84(vector); +static __m256i shift_right_ea_ef(__m256i vector) { + return shift_right_ef(vector); } /** 
@@ -1166,8 +1397,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_c0(__m256i a) { - __m256i t = shift_right_ea_fc(a); +static __m256i to_unsigned_representative_79(__m256i a) { + __m256i t = shift_right_ea_ef(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1179,13 +1410,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_c0(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_79(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -1206,25 +1437,25 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_5f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, +static KRML_MUSTINLINE void serialize_secret_key_ed( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_53(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1242,13 +1473,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c21( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_ed( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_5f1(t_as_ntt, ret); + serialize_secret_key_ed(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -1268,11 +1499,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_021( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_ed( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_c21(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_ed(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1291,15 +1522,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_661( +bool libcrux_ml_kem_ind_cca_validate_public_key_ed(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[3U]; + deserialize_ring_elements_reduced_out_b1( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_021( + serialize_public_key_ed( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1317,7 +1548,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_161(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -1336,14 +1567,18 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +bool libcrux_ml_kem_ind_cca_validate_private_key_12( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_161(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), - t); + H_a9_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); @@ -1357,9 +1592,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $3size_t */ -typedef struct IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_a0; +typedef struct IndCpaPrivateKeyUnpacked_63_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_63; /** This function found in impl {(core::default::Default for 
@@ -1372,11 +1607,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { - IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); +static IndCpaPrivateKeyUnpacked_63 default_1a_ab(void) { + IndCpaPrivateKeyUnpacked_63 lit; + lit.secret_as_ntt[0U] = ZERO_d6_79(); + lit.secret_as_ntt[1U] = ZERO_d6_79(); + lit.secret_as_ntt[2U] = ZERO_d6_79(); return lit; } @@ -1386,11 +1621,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $3size_t */ -typedef struct IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; +typedef struct IndCpaPublicKeyUnpacked_63_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[3U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} IndCpaPublicKeyUnpacked_a0; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[3U][3U]; +} IndCpaPublicKeyUnpacked_63; /** This function found in impl {(core::default::Default for 
@@ -1403,25 +1638,25 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; +static IndCpaPublicKeyUnpacked_63 default_8d_ab(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_d6_79();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_a0 lit; + IndCpaPublicKeyUnpacked_63 lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_d6_79(); + lit.A[0U][1U] = ZERO_d6_79(); + lit.A[0U][2U] = ZERO_d6_79(); + lit.A[1U][0U] = ZERO_d6_79(); + lit.A[1U][1U] = ZERO_d6_79(); + lit.A[1U][2U] = ZERO_d6_79(); + lit.A[2U][0U] = ZERO_d6_79(); + lit.A[2U][1U] = ZERO_d6_79(); + lit.A[2U][2U] = ZERO_d6_79(); return lit; } @@ -1434,7 +1669,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_671(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } 
@@ -1448,7 +1683,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_be( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1459,7 +1694,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_e0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -1469,8 +1704,8 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = +shake128_init_absorb_e0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_55 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), @@ -1490,11 +1725,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c1(uint8_t input[3U][34U]) { +shake128_init_absorb_a9_e0(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a1(copy_of_input); + return shake128_init_absorb_e0(copy_of_input); } /** 
@@ -1503,7 +1738,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_e0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1537,9 +1772,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_0c1(self, ret); + shake128_squeeze_three_blocks_e0(self, ret); } /** @@ -1590,7 +1825,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1627,7 +1862,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a1( +static KRML_MUSTINLINE void shake128_squeeze_block_e0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1660,9 +1895,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d1( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_4a1(self, ret); + shake128_squeeze_block_e0(self, ret); } /** 
@@ -1713,7 +1948,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ed0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1756,9 +1991,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_d6_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +from_i16_array_d6_79(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1775,9 +2010,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c1( int16_t s[272U]) { - return from_i16_array_d6_14( + return from_i16_array_d6_79( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -1787,46 +2022,50 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_671( +static KRML_MUSTINLINE void sample_from_xof_6c1( uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c1(copy_of_seeds); + shake128_init_absorb_a9_e0(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_2e1(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_743( + bool done = sample_from_uniform_distribution_next_ed( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_1d1(&xof_state, randomness); + shake128_squeeze_block_a9_e0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_744( + done = sample_from_uniform_distribution_next_ed0( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e41(copy_of_out[i]);); + ret0[i] = closure_6c1(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -1835,8 +2074,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_341( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], +static KRML_MUSTINLINE void sample_matrix_A_6c1( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; 
@@ -1851,25 +2090,24 @@ static KRML_MUSTINLINE void sample_matrix_A_341( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_671(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[3U]; + sample_from_xof_6c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + (size_t)3U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -1878,8 +2116,8 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_082(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { +static KRML_MUSTINLINE void PRFxN_41(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; uint8_t out1[128U] = {0U}; @@ -1916,9 +2154,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_162(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_082(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_41(input, ret); } /** 
@@ -1976,8 +2214,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +sample_from_binomial_distribution_2_79(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2011,7 +2249,7 @@ sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_14( + return from_i16_array_d6_79( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2021,8 +2259,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +sample_from_binomial_distribution_3_79(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2055,7 +2293,7 @@ sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_14( + return from_i16_array_d6_79( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } 
@@ -2065,9 +2303,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_af(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_ea(randomness); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +sample_from_binomial_distribution_89(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_79(randomness); } /** @@ -2076,10 +2314,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_ab( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_at_layer_7_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { + for (size_t i = (size_t)0U; + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + step; + i++) { size_t j = i; __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( re->coefficients[j + step], (int16_t)-1600); @@ -2101,7 +2344,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_aa(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_79(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } 
@@ -2112,8 +2355,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_aa(b, zeta_r); +ntt_layer_int_vec_step_79(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_79(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2126,8 +2369,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, +static KRML_MUSTINLINE void ntt_at_layer_4_plus_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { @@ -2139,7 +2382,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_c2( + ntt_layer_int_vec_step_79( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2156,8 +2399,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_5f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_at_layer_3_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; 
@@ -2172,8 +2415,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_at_layer_2_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; @@ -2191,8 +2434,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_60( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_at_layer_1_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; @@ -2219,10 +2462,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_d6_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { +static KRML_MUSTINLINE void poly_barrett_reduce_d6_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); 
@@ -2235,17 +2482,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_ab(re); +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { + ntt_at_layer_7_79(/* Due to the small coefficient bound, we can skip the first + round of Montgomery reductions. */ + re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_79(&zeta_i, re); + ntt_at_layer_2_79(&zeta_i, re); + ntt_at_layer_1_79(&zeta_i, re); + poly_barrett_reduce_d6_79(re); } /** @@ -2260,8 +2509,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b41( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; 
@@ -2274,12 +2523,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_162(prf_inputs, prf_outputs); + PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]);); return domain_separator; } @@ -2289,10 +2538,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t */ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; +typedef struct tuple_23_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[3U]; uint8_t snd; -} tuple_b0; +} tuple_23; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -2302,25 +2551,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_7f1( +static KRML_MUSTINLINE tuple_23 sample_vector_cbd_then_ntt_out_b41( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_79();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b41(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b0 lit; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_23 lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } 
@@ -2363,10 +2612,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +ntt_multiply_d6_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { + /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| + * coefficient >= 0 && coefficient < 4096)); */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 out = ZERO_d6_79(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2402,13 +2653,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, + /* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -2422,7 +2678,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_bd(__m256i v) { +static __m256i to_standard_domain_79(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2438,14 +2694,21 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_d6_a7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { +static KRML_MUSTINLINE void add_standard_error_reduce_d6_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t j = i; - __m256i coefficient_normal_form = - to_standard_domain_bd(self->coefficients[j]); + __m256i coefficient_normal_form = to_standard_domain_79( + self->coefficients[/* The coefficients are of the form aR^{-1} mod q, + which means calling to_montgomery_domain() on them + should return a mod q. */ + j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); 
@@ -2461,37 +2724,39 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a21( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b81(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_ab(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_79(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -2545,47 +2810,50 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_811( +static void generate_keypair_unpacked_221( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_a0 *private_key, - IndCpaPublicKeyUnpacked_a0 *public_key) { + IndCpaPrivateKeyUnpacked_63 *private_key, + IndCpaPublicKeyUnpacked_63 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e11(key_generation_seed, hashed); + cpa_keygen_seed_d8_be(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_341(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_6c1(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b41(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input, domain_separator) .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a21(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compute_As_plus_e_ab(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -2601,18 +2869,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_2f1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bb1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); - generate_keypair_unpacked_811(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_63 private_key = default_1a_ab(); + IndCpaPublicKeyUnpacked_63 public_key = default_8d_ab(); + generate_keypair_unpacked_221(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_021( - public_key.t_as_ntt, + serialize_public_key_ed( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5f1(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_ed( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2639,7 +2909,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( +static KRML_MUSTINLINE void serialize_kem_secret_key_ae( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -2665,7 +2935,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_161(public_key, ret0); + H_a9_e0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2703,7 +2973,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d61(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2712,13 +2982,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_2f1(ind_cpa_keypair_randomness); + generate_keypair_bb1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_0a1( + serialize_kem_secret_key_ae( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -2726,14 +2996,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key = + libcrux_ml_kem_types_from_88_28(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_74( + uu____2, libcrux_ml_kem_types_from_40_d0(copy_of_public_key)); } /** @@ -2746,8 +3016,8 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void entropy_preprocess_d8_be(Eurydice_slice randomness, + uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); @@ -2764,9 +3034,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_98( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -2777,8 +3047,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2794,11 +3064,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; +static KRML_MUSTINLINE tuple_23 +sample_ring_element_cbd_b41(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); + error_1[i] = ZERO_d6_79();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -2810,22 +3080,22 @@ sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_162(prf_inputs, prf_outputs); + PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b0 lit; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_23 lit; memcpy( lit.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } @@ -2835,7 +3105,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_d10(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_a6(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2852,9 +3122,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_424(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_410(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_a6(input, ret); } /** 
@@ -2863,8 +3133,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_1_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2887,8 +3157,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_6a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_2_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2907,8 +3177,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_ad( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_3_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; 
@@ -2925,11 +3195,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_63(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_79(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_aa(a_minus_b, zeta_r); + b = montgomery_multiply_fe_79(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2940,11 +3210,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_79( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + for (size_t i0 = (size_t)0U; + i0 < (size_t)128U >> + (uint32_t) /* The semicolon and parentheses at the end of loop are a + workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + layer; + i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -2955,7 +3231,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_63( + inv_ntt_layer_int_vec_step_reduce_79( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2972,18 +3248,21 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_191( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_79(&zeta_i, re); + invert_ntt_at_layer_2_79(&zeta_i, re); + invert_ntt_at_layer_3_79(&zeta_i, re); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_79(re); } /** 
@@ -2997,11 +3276,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_d6_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { +static KRML_MUSTINLINE void add_error_reduce_d6_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t j = i; __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( 
@@ -3021,42 +3304,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_ba1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; +static KRML_MUSTINLINE void compute_vector_u_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_d6_7d();); + result[i] = ZERO_d6_79();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[3U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(a_element, 
&r_as_ntt[j]); - add_to_ring_element_d6_b81(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_ab(&result[i1], &product); } - invert_ntt_montgomery_191(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); + invert_ntt_montgomery_ab(&result[i1]); + add_error_reduce_d6_79(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -3065,7 +3348,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_f2(__m256i v) { +static __m256i decompress_1_79(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3078,9 +3361,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_message_79(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = 
@@ -3088,7 +3371,7 @@ deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_f2(coefficient_compressed);); + re.coefficients[i0] = decompress_1_79(coefficient_compressed);); return re; } 
@@ -3103,19 +3386,37 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_d6_df( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +add_message_error_reduce_d6_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients + [/* FIXME: Eurydice crashes with: Warning 11: in top-level + declaration + libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: + this expression is not Low*; the enclosing function cannot be + translated into C*: let mutable ret(Mark.Present,(Mark.AtMost + 2), ): int16_t[16size_t] = $any in + libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add + ((@9: + libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] + &(((@8: + libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) + @0; @0 Warning 11 is fatal, exiting. 
On the following code: + ```rust result.coefficients[i] = + Vector::barrett_reduce(Vector::add( coefficient_normal_form, + &Vector::add(self.coefficients[i], &message.coefficients[i]), + )); ``` */ + i0], + &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = @@ -3133,19 +3434,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_9f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_ring_element_v_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_ab(&result, &product);); + invert_ntt_montgomery_ab(&result); + result = add_message_error_reduce_d6_79(error_2, message, result); return result; } 
@@ -3156,15 +3457,25 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_43(__m256i vector) { +compress_ciphertext_coefficient_ef(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m128i coefficients_low = + mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take + the bottom 128 bits, i.e. the first 8 16-bit + coefficients */ + vector); + __m256i coefficients_low0 = + mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A + coefficients_low[16:31] = B + coefficients_low[32:63] = C and so on ... after + this step: coefficients_low[0:31] = A + coefficients_low[32:63] = B and so on ... */ + coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); __m256i compressed_low0 = 
@@ -3172,12 +3483,18 @@ compress_ciphertext_coefficient_43(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low2 = mm256_srli_epi32( + (int32_t)3, + /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we + just need to shift right by 35 - 32 = 3 more. */ + compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, + i.e. the next 8 16-bit coefficients */ + vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); @@ -3190,8 +3507,20 @@ compress_ciphertext_coefficient_43(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + compressed_low3, + compressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** 
@@ -3203,8 +3532,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_ab(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); +static __m256i compress_ea_ef(__m256i vector) { + return compress_ciphertext_coefficient_ef(vector); } /** @@ -3213,14 +3542,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_190( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { +static KRML_MUSTINLINE void compress_then_serialize_10_0e0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_ab(to_unsigned_representative_c0(re->coefficients[i0])); + compress_ea_ef(to_unsigned_representative_79(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -3238,15 +3567,25 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_430(__m256i vector) { +compress_ciphertext_coefficient_c4(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m128i coefficients_low = + mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take + the bottom 128 bits, i.e. the first 8 16-bit + coefficients */ + vector); + __m256i coefficients_low0 = + mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A + coefficients_low[16:31] = B + coefficients_low[32:63] = C and so on ... after + this step: coefficients_low[0:31] = A + coefficients_low[32:63] = B and so on ... */ + coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); __m256i compressed_low0 = 
@@ -3254,12 +3593,18 @@ compress_ciphertext_coefficient_430(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low2 = mm256_srli_epi32( + (int32_t)3, + /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we + just need to shift right by 35 - 32 = 3 more. */ + compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, + i.e. the next 8 16-bit coefficients */ + vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); @@ -3272,8 +3617,20 @@ compress_ciphertext_coefficient_430(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + compressed_low3, + compressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** 
@@ -3285,8 +3642,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_ab0(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); +static __m256i compress_ea_c4(__m256i vector) { + return compress_ciphertext_coefficient_c4(vector); } /** @@ -3296,10 +3653,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_880( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_a4( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_190(re, uu____0); + compress_then_serialize_10_0e0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3315,23 +3672,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_0b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], +static void compress_then_serialize_u_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * + ((size_t)960U / (size_t)3U), + uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_880(&re, ret); + compress_then_serialize_ring_element_u_a4(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } 
@@ -3344,15 +3707,25 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_431(__m256i vector) { +compress_ciphertext_coefficient_d1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m128i coefficients_low = + mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take + the bottom 128 bits, i.e. the first 8 16-bit + coefficients */ + vector); + __m256i coefficients_low0 = + mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A + coefficients_low[16:31] = B + coefficients_low[32:63] = C and so on ... after + this step: coefficients_low[0:31] = A + coefficients_low[32:63] = B and so on ... */ + coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); __m256i compressed_low0 = 
@@ -3360,12 +3733,18 @@ compress_ciphertext_coefficient_431(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low2 = mm256_srli_epi32( + (int32_t)3, + /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we + just need to shift right by 35 - 32 = 3 more. */ + compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, + i.e. the next 8 16-bit coefficients */ + vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); @@ -3378,8 +3757,20 @@ compress_ciphertext_coefficient_431(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + compressed_low3, + compressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** 
@@ -3391,8 +3782,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_ab1(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); +static __m256i compress_ea_d1(__m256i vector) { + return compress_ciphertext_coefficient_d1(vector); } /** @@ -3401,14 +3792,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_f5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, +static KRML_MUSTINLINE void compress_then_serialize_4_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; __m256i coefficient = - compress_ea_ab1(to_unsigned_representative_c0(re.coefficients[i0])); + compress_ea_d1(to_unsigned_representative_79(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( 
@@ -3425,15 +3820,25 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_432(__m256i vector) { +compress_ciphertext_coefficient_f4(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); __m256i coefficient_bits_mask = mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m128i coefficients_low = + mm256_castsi256_si128(/* ---- Compress the first 8 coefficients ---- Take + the bottom 128 bits, i.e. the first 8 16-bit + coefficients */ + vector); + __m256i coefficients_low0 = + mm256_cvtepi16_epi32(/* If: coefficients_low[0:15] = A + coefficients_low[16:31] = B + coefficients_low[32:63] = C and so on ... after + this step: coefficients_low[0:31] = A + coefficients_low[32:63] = B and so on ... */ + coefficients_low); __m256i compressed_low = mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); __m256i compressed_low0 = 
@@ -3441,12 +3846,18 @@ compress_ciphertext_coefficient_432(__m256i vector) { __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = - mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low2 = mm256_srli_epi32( + (int32_t)3, + /* Due to the mulhi_mm256_epi32 we've already shifted right by 32 bits, we + just need to shift right by 35 - 32 = 3 more. */ + compressed_low1, __m256i); __m256i compressed_low3 = mm256_and_si256(compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- Take the upper 128 bits, + i.e. the next 8 16-bit coefficients */ + vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i compressed_high = mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); @@ -3459,8 +3870,20 @@ compress_ciphertext_coefficient_432(__m256i vector) { mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); __m256i compressed_high3 = mm256_and_si256(compressed_high2, coefficient_bits_mask); - __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + compressed_low3, + compressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** 
@@ -3472,8 +3895,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_ab2(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); +static __m256i compress_ea_f4(__m256i vector) { + return compress_ciphertext_coefficient_f4(vector); } /** @@ -3482,14 +3905,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a4( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, +static KRML_MUSTINLINE void compress_then_serialize_5_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; __m256i coefficients = - compress_ea_ab2(to_unsigned_representative_c0(re.coefficients[i0])); + compress_ea_f4(to_unsigned_representative_79(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3506,9 +3933,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f30( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f5(re, out); +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_78( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) { + compress_then_serialize_4_79(re, out); } /** 
@@ -3569,58 +3996,67 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_741(IndCpaPublicKeyUnpacked_63 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + tuple_23 uu____1 = sample_vector_cbd_then_ntt_out_b41(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_c61(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + tuple_23 uu____3 = + sample_ring_element_cbd_b41(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[3U]; memcpy( error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_ba1(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[3U]; + compute_vector_u_ab(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_ef(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = + deserialize_then_decompress_message_79(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + compute_ring_element_v_ab(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[3U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_0b1( + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compress_then_serialize_u_8c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; + compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -3643,25 +4079,30 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a41(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_741(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_8c1( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_63 unpacked_public_key = default_8d_ab(); + deserialize_ring_elements_reduced_98( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[3U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_341(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_6c1(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_63 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_be1(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_741(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } 
@@ -3676,8 +4117,8 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_e91(Eurydice_slice shared_secret, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void kdf_d8_ae(Eurydice_slice shared_secret, + uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); @@ -3703,27 +4144,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_701( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_961( + entropy_preprocess_d8_be( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), - uint8_t), - ret); + H_a9_e0(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_d0(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -3731,25 +4172,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_d0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_a41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_741(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_80(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_e91(shared_secret, shared_secret_array); + kdf_d8_ae(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; + tuple_c2 lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -3761,9 +4202,9 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_71(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_to_uncompressed_ring_element_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3783,12 +4224,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_c51( +static KRML_MUSTINLINE void deserialize_secret_key_ab( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -3799,13 +4240,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_c51( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -3815,12 +4256,13 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_87(__m256i vector) { +decompress_ciphertext_coefficient_ef(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = mm256_castsi256_si128(vector); + __m128i coefficients_low = mm256_castsi256_si128( + /* ---- Compress the first 8 coefficients ---- */ vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); 
@@ -3828,12 +4270,16 @@ decompress_ciphertext_coefficient_87(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low2 = mm256_srli_epi32( + (int32_t)10, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); 
@@ -3841,12 +4287,27 @@ decompress_ciphertext_coefficient_87(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high2 = mm256_srli_epi32( + (int32_t)10, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + decompressed_low3, + decompressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** @@ -3859,8 +4320,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_2e(__m256i vector) { - return decompress_ciphertext_coefficient_87(vector); +static __m256i decompress_ciphertext_coefficient_ea_ef(__m256i vector) { + return decompress_ciphertext_coefficient_ef(vector); } /** 
@@ -3869,16 +4330,16 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_5f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_10_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ef(coefficient); } return re; } @@ -3890,12 +4351,13 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_870(__m256i vector) { +decompress_ciphertext_coefficient_c4(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = mm256_castsi256_si128(vector); + __m128i coefficients_low = mm256_castsi256_si128( + /* ---- Compress the first 8 coefficients ---- */ vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); 
@@ -3903,12 +4365,16 @@ decompress_ciphertext_coefficient_870(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low2 = mm256_srli_epi32( + (int32_t)11, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); 
@@ -3916,12 +4382,27 @@ decompress_ciphertext_coefficient_870(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high2 = mm256_srli_epi32( + (int32_t)11, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + decompressed_low3, + decompressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** @@ -3934,8 +4415,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_2e0(__m256i vector) { - return decompress_ciphertext_coefficient_870(vector); +static __m256i decompress_ciphertext_coefficient_ea_c4(__m256i vector) { + return decompress_ciphertext_coefficient_c4(vector); } /** 
@@ -3944,16 +4425,16 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_11_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_c4(coefficient); } return re; } @@ -3964,9 +4445,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5f(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_ring_element_u_ee(Eurydice_slice serialized) { + return deserialize_then_decompress_10_79(serialized); } /** 
@@ -3975,17 +4456,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_vector_u_ee( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_79(&zeta_i, re); + ntt_at_layer_2_79(&zeta_i, re); + ntt_at_layer_1_79(&zeta_i, re); + poly_barrett_reduce_d6_79(re); } /** @@ -4000,12 +4481,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ed( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_7d();); + u_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), 
@@ -4023,12 +4504,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ee(u_bytes); + ntt_vector_u_ee(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -4038,12 +4519,13 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_871(__m256i vector) { +decompress_ciphertext_coefficient_d1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = mm256_castsi256_si128(vector); + __m128i coefficients_low = mm256_castsi256_si128( + /* ---- Compress the first 8 coefficients ---- */ vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); 
@@ -4051,12 +4533,16 @@ decompress_ciphertext_coefficient_871(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low2 = mm256_srli_epi32( + (int32_t)4, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); 
@@ -4064,12 +4550,27 @@ decompress_ciphertext_coefficient_871(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high2 = mm256_srli_epi32( + (int32_t)4, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + decompressed_low3, + decompressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** @@ -4082,8 +4583,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_2e1(__m256i vector) { - return decompress_ciphertext_coefficient_871(vector); +static __m256i decompress_ciphertext_coefficient_ea_d1(__m256i vector) { + return decompress_ciphertext_coefficient_d1(vector); } /** 
@@ -4092,16 +4593,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_4_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d1(coefficient); } return re; } @@ -4113,12 +4614,13 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_872(__m256i vector) { +decompress_ciphertext_coefficient_f4(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = mm256_castsi256_si128(vector); + __m128i coefficients_low = mm256_castsi256_si128( + /* ---- Compress the first 8 coefficients ---- */ vector); __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); __m256i decompressed_low = mm256_mullo_epi32(coefficients_low0, field_modulus); 
@@ -4126,12 +4628,16 @@ decompress_ciphertext_coefficient_872(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); __m256i decompressed_low1 = mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low2 = mm256_srli_epi32( + (int32_t)5, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_low1, __m256i); __m256i decompressed_low3 = mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i coefficients_high = mm256_extracti128_si256( + (int32_t)1, + /* ---- Compress the next 8 coefficients ---- */ vector, __m128i); __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); __m256i decompressed_high = mm256_mullo_epi32(coefficients_high0, field_modulus); 
@@ -4139,12 +4645,27 @@ decompress_ciphertext_coefficient_872(__m256i vector) { mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); __m256i decompressed_high1 = mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high2 = mm256_srli_epi32( + (int32_t)5, + /* We can't shift in one go by (COEFFICIENT_BITS + 1) due to the lack of + support for const generic expressions. */ + decompressed_high1, __m256i); __m256i decompressed_high3 = mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); + __m256i compressed = + mm256_packs_epi32(/* Combining them, and grouping each set of 64-bits, + this function results in: 0: low low low low | 1: + high high high high | 2: low low low low | 3: high + high high high where each |low| and |high| is a + 16-bit element */ + decompressed_low3, + decompressed_high3); + return mm256_permute4x64_epi64( + (int32_t)216, + /* To be in the right order, we need to move the |low|s above in position + 2 to position 1 and the |high|s in position 1 to position 2, and leave + the rest unchanged. */ + compressed, __m256i); } /** @@ -4157,8 +4678,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_2e2(__m256i vector) { - return decompress_ciphertext_coefficient_872(vector); +static __m256i decompress_ciphertext_coefficient_ea_f4(__m256i vector) { + return decompress_ciphertext_coefficient_f4(vector); } /** 
@@ -4167,9 +4688,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_c1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_5_79(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = ZERO_d6_79(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4177,7 +4698,7 @@ deserialize_then_decompress_5_c1(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_2e2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_f4(re.coefficients[i0]); } return re; } @@ -4188,9 +4709,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_590(Eurydice_slice serialized) { - return deserialize_then_decompress_4_8d(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_ring_element_v_42(Eurydice_slice serialized) { + return deserialize_then_decompress_4_79(serialized); } /** 
@@ -4204,9 +4725,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +subtract_reduce_d6_79(libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4232,18 +4753,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_message_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = subtract_reduce_d6_4a(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_ab(&result, &product);); + invert_ntt_montgomery_ab(&result); + result = subtract_reduce_d6_79(v, result); return result; } 
@@ -4253,12 +4774,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_53( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { +static KRML_MUSTINLINE void compress_then_serialize_message_79( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_c0(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_79(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; 
@@ -4305,18 +4826,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_671(IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_9d1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a1(&v, secret_key->secret_as_ntt, u_as_ntt); +static void decrypt_unpacked_2f(IndCpaPrivateKeyUnpacked_63 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[3U]; + deserialize_then_decompress_u_ed( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + deserialize_then_decompress_ring_element_v_42( + Eurydice_array_to_subslice_from( + (size_t)1088U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)960U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = + compute_message_ab(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4330,21 +4854,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_c51(secret_key, secret_as_ntt); +static void decrypt_2f(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[3U]; + deserialize_secret_key_ab(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + IndCpaPrivateKeyUnpacked_63 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t ret0[32U]; - decrypt_unpacked_671(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_2f(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4353,7 +4878,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_d1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_9e(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); 
@@ -4370,8 +4895,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_41(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** @@ -4396,8 +4921,8 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_971( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_a11( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), @@ -4414,9 +4939,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_971( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_3d1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_2f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4424,7 +4949,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_971( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -4432,31 +4957,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_971( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_a41(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_741(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e91(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_d8_ae(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_e91(shared_secret0, shared_secret); + kdf_d8_ae(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_80(ciphertext), Eurydice_array_to_slice((size_t)1088U, 
expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4475,9 +5000,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_88( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4488,8 +5013,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } 
@@ -4507,16 +5032,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_88( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_79();); + deserialize_ring_elements_reduced_88(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -4529,25 +5054,25 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, +static KRML_MUSTINLINE void serialize_secret_key_78( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_53(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4565,13 +5090,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_1e( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_5f(t_as_ntt, ret); + serialize_secret_key_78(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -4591,11 +5116,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_02( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_1e( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_1e(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4614,15 +5139,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_660( +bool libcrux_ml_kem_ind_cca_validate_public_key_1e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[4U]; + deserialize_ring_elements_reduced_out_88( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_02( + serialize_public_key_1e( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4640,7 +5165,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_ac(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -4659,13 +5184,17 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_b9( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { uint8_t t[32U]; - H_a9_16(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + H_a9_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, + uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, @@ -4680,9 +5209,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $4size_t */ -typedef struct IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_01; +typedef struct IndCpaPrivateKeyUnpacked_39_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_39; /** This function found in impl {(core::default::Default for 
@@ -4695,12 +5224,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { - IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); - lit.secret_as_ntt[3U] = ZERO_d6_7d(); +static IndCpaPrivateKeyUnpacked_39 default_1a_42(void) { + IndCpaPrivateKeyUnpacked_39 lit; + lit.secret_as_ntt[0U] = ZERO_d6_79(); + lit.secret_as_ntt[1U] = ZERO_d6_79(); + lit.secret_as_ntt[2U] = ZERO_d6_79(); + lit.secret_as_ntt[3U] = ZERO_d6_79(); return lit; } @@ -4710,11 +5239,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $4size_t */ -typedef struct IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; +typedef struct IndCpaPublicKeyUnpacked_39_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[4U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} IndCpaPublicKeyUnpacked_01; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[4U][4U]; +} IndCpaPublicKeyUnpacked_39; /** This function found in impl {(core::default::Default for 
@@ -4727,32 +5256,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; +static IndCpaPublicKeyUnpacked_39 default_8d_42(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_d6_79();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_01 lit; + IndCpaPublicKeyUnpacked_39 lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[0U][3U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[1U][3U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); - lit.A[2U][3U] = ZERO_d6_7d(); - lit.A[3U][0U] = ZERO_d6_7d(); - lit.A[3U][1U] = ZERO_d6_7d(); - lit.A[3U][2U] = ZERO_d6_7d(); - lit.A[3U][3U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_d6_79(); + lit.A[0U][1U] = ZERO_d6_79(); + lit.A[0U][2U] = ZERO_d6_79(); + lit.A[0U][3U] = ZERO_d6_79(); + lit.A[1U][0U] = ZERO_d6_79(); + lit.A[1U][1U] = ZERO_d6_79(); + lit.A[1U][2U] = ZERO_d6_79(); + lit.A[1U][3U] = ZERO_d6_79(); + lit.A[2U][0U] = ZERO_d6_79(); + lit.A[2U][1U] = ZERO_d6_79(); + lit.A[2U][2U] = ZERO_d6_79(); + lit.A[2U][3U] = ZERO_d6_79(); + lit.A[3U][0U] = ZERO_d6_79(); + lit.A[3U][1U] = ZERO_d6_79(); + lit.A[3U][2U] = ZERO_d6_79(); + lit.A[3U][3U] = ZERO_d6_79(); return lit; } 
@@ -4765,7 +5294,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ac(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4779,7 +5308,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_6a( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4790,7 +5319,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_ac(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4800,8 +5329,8 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = +shake128_init_absorb_ac(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_55 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), 
@@ -4821,11 +5350,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c(uint8_t input[4U][34U]) { +shake128_init_absorb_a9_ac(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a(copy_of_input); + return shake128_init_absorb_ac(copy_of_input); } /** @@ -4834,7 +5363,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ac( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4871,9 +5400,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_ac( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_0c(self, ret); + shake128_squeeze_three_blocks_ac(self, ret); } /** @@ -4924,7 +5453,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_78( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( 
@@ -4961,7 +5490,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a( +static KRML_MUSTINLINE void shake128_squeeze_block_ac( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4997,9 +5526,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_ac( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_4a(self, ret); + shake128_squeeze_block_ac(self, ret); } /** @@ -5050,7 +5579,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_780( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5088,9 +5617,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c( int16_t s[272U]) { - return from_i16_array_d6_14( + return from_i16_array_d6_79( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -5100,46 +5629,50 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_67( +static KRML_MUSTINLINE void sample_from_xof_6c( uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c(copy_of_seeds); + shake128_init_absorb_a9_ac(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_ac(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_74( + bool done = sample_from_uniform_distribution_next_78( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_1d(&xof_state, randomness); + shake128_squeeze_block_a9_ac(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_740( + done = sample_from_uniform_distribution_next_780( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e4(copy_of_out[i]);); + ret0[i] = closure_6c(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -5148,8 +5681,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_34( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], +static KRML_MUSTINLINE void sample_matrix_A_6c( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; 
@@ -5164,25 +5697,24 @@ static KRML_MUSTINLINE void sample_matrix_A_34( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_67(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[4U]; + sample_from_xof_6c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + (size_t)4U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -5191,7 +5723,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_44(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5232,9 +5764,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_44(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_08(input, ret); + PRFxN_44(input, ret); } /** 
@@ -5249,8 +5781,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b4( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5263,12 +5795,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_44(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]);); return domain_separator; } @@ -5278,10 +5810,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t */ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; +typedef struct tuple_dd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[4U]; uint8_t snd; -} tuple_71; +} tuple_dd; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -5291,25 +5823,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( +static KRML_MUSTINLINE tuple_dd sample_vector_cbd_then_ntt_out_b4( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_79();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b4(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_dd lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } 
@@ -5329,13 +5861,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, + /* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -5352,37 +5889,39 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_42(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_79(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -5436,47 +5975,50 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_81( +static void generate_keypair_unpacked_22( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_01 *private_key, - IndCpaPublicKeyUnpacked_01 *public_key) { + IndCpaPrivateKeyUnpacked_39 *private_key, + IndCpaPublicKeyUnpacked_39 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_6a(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_34(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_6c(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b4(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input, domain_separator) .fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a2(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compute_As_plus_e_42(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -5492,18 +6034,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bb0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); - generate_keypair_unpacked_81(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_39 private_key = default_1a_42(); + IndCpaPublicKeyUnpacked_39 public_key = default_8d_42(); + generate_keypair_unpacked_22(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_02( - public_key.t_as_ntt, + serialize_public_key_1e( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_78( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5530,7 +6074,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( +static KRML_MUSTINLINE void serialize_kem_secret_key_5e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
@@ -5556,7 +6100,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_16(public_key, ret0); + H_a9_ac(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5594,7 +6138,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d60(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5603,13 +6147,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_2f0(ind_cpa_keypair_randomness); + generate_keypair_bb0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_0a0( + serialize_kem_secret_key_5e( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -5617,14 +6161,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_83 private_key = + libcrux_ml_kem_types_from_88_39(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_94( + uu____2, libcrux_ml_kem_types_from_40_af(copy_of_public_key)); } /** @@ -5637,8 +6181,8 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void entropy_preprocess_d8_6a(Eurydice_slice randomness, + uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); @@ -5655,9 +6199,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3c( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -5668,8 +6212,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5685,11 +6229,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; +static KRML_MUSTINLINE tuple_dd +sample_ring_element_cbd_b4(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); + error_1[i] = ZERO_d6_79();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -5701,22 +6245,22 @@ sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_44(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_dd lit; memcpy( lit.fst, copy_of_error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } @@ -5731,9 +6275,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_440(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_a6(input, ret); } /** 
@@ -5742,18 +6286,21 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_19( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_79(&zeta_i, re); + invert_ntt_at_layer_2_79(&zeta_i, re); + invert_ntt_at_layer_3_79(&zeta_i, re); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_79(re); } /** 
@@ -5765,42 +6312,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_ba( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; +static KRML_MUSTINLINE void compute_vector_u_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_d6_7d();); + result[i] = ZERO_d6_79();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[4U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(a_element, 
&r_as_ntt[j]); - add_to_ring_element_d6_b8(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_42(&result[i1], &product); } - invert_ntt_montgomery_19(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); + invert_ntt_montgomery_42(&result[i1]); + add_error_reduce_d6_79(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -5812,19 +6359,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_9f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_ring_element_v_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_42(&result, &product);); + invert_ntt_montgomery_42(&result); + result = add_message_error_reduce_d6_79(error_2, message, result); return result; } 
@@ -5834,14 +6381,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { +static KRML_MUSTINLINE void compress_then_serialize_11_0e( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_ab0(to_unsigned_representative_c0(re->coefficients[i0])); + compress_ea_c4(to_unsigned_representative_79(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5859,10 +6406,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_6f( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_88(re, uu____0); + compress_then_serialize_11_0e(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } 
@@ -5878,23 +6425,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_0b( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], +static void compress_then_serialize_u_c9( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * + ((size_t)1408U / (size_t)4U), + uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_88(&re, ret); + compress_then_serialize_ring_element_u_6f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } 
@@ -5907,9 +6460,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a4(re, out); +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re, Eurydice_slice out) { + compress_then_serialize_5_79(re, out); } /** 
@@ -5970,57 +6523,66 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_74(IndCpaPublicKeyUnpacked_39 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + tuple_dd uu____1 = sample_vector_cbd_then_ntt_out_b4(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_c6(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + tuple_dd uu____3 = + sample_ring_element_cbd_b4(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[4U]; memcpy( error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_ba(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[4U]; + compute_vector_u_42(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_ef(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f(public_key->t_as_ntt, r_as_ntt, &error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = + deserialize_then_decompress_message_79(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + compute_ring_element_v_42(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[4U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_0b( + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compress_then_serialize_u_c9( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f3( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; + compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); 
@@ -6043,25 +6605,30 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a40(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_740(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_8c( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_39 unpacked_public_key = default_8d_42(); + deserialize_ring_elements_reduced_3c( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[4U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_34(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_6c(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_39 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_be(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_74(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } 
@@ -6076,8 +6643,8 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_e90(Eurydice_slice shared_secret, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void kdf_d8_5e(Eurydice_slice shared_secret, + uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); @@ -6103,27 +6670,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_ind_cca_encapsulate_700( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_960( + entropy_preprocess_d8_6a( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + H_a9_ac(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_af(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -6131,25 +6698,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_af(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_a40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_740(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 = + libcrux_ml_kem_types_from_fc_af(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_e90(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; + kdf_d8_5e(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; + tuple_fa lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -6164,12 +6731,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_c50( +static KRML_MUSTINLINE void deserialize_secret_key_42( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6180,13 +6747,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_c50( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -6195,9 +6762,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { - return deserialize_then_decompress_11_9a(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_ring_element_u_85(Eurydice_slice serialized) { + return deserialize_then_decompress_11_79(serialized); } /** @@ -6206,17 +6773,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void ntt_vector_u_85( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_79(&zeta_i, re); + ntt_at_layer_2_79(&zeta_i, re); + ntt_at_layer_1_79(&zeta_i, re); + poly_barrett_reduce_d6_79(re); } /** 
@@ -6231,12 +6798,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_7d();); + u_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6254,12 +6821,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f9(u_bytes); - ntt_vector_u_9b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_85(u_bytes); + ntt_vector_u_85(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -6268,9 +6835,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_59(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c1(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +deserialize_then_decompress_ring_element_v_b4(Eurydice_slice serialized) { + return deserialize_then_decompress_5_79(serialized); } /** 
@@ -6285,18 +6852,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_message_42( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = subtract_reduce_d6_4a(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_42(&result, &product);); + invert_ntt_montgomery_42(&result); + result = subtract_reduce_d6_79(v, result); return result; } 
@@ -6334,18 +6901,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_67(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_37(IndCpaPrivateKeyUnpacked_39 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_59( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a(&v, secret_key->secret_as_ntt, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[4U]; + deserialize_then_decompress_u_1e( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + deserialize_then_decompress_ring_element_v_b4( + Eurydice_array_to_subslice_from( + (size_t)1568U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)1408U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = + compute_message_42(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6359,21 +6929,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_c50(secret_key, secret_as_ntt); +static void decrypt_37(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[4U]; + deserialize_secret_key_42(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + IndCpaPrivateKeyUnpacked_39 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t ret0[32U]; - decrypt_unpacked_67(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_37(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6387,8 +6958,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_44(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** 
@@ -6413,9 +6984,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_970( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_a10( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6431,9 +7002,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_3d0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_37(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6441,7 +7012,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -6449,31 +7020,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_a40(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_740(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e90(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_d8_5e(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_e90(shared_secret0, shared_secret); + kdf_d8_5e(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + libcrux_ml_kem_types_as_ref_fd_af(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), 
Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6492,9 +7063,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bc( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6505,8 +7076,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } 
@@ -6524,16 +7095,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bc( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_79();); + deserialize_ring_elements_reduced_bc(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -6546,25 +7117,25 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_5f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, +static KRML_MUSTINLINE void serialize_secret_key_29( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_53(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6582,13 +7153,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_ba( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_5f0(t_as_ntt, ret); + serialize_secret_key_29(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -6608,11 +7179,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_020( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_ba( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_c20(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_ba(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6631,15 +7202,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_66( +bool libcrux_ml_kem_ind_cca_validate_public_key_ba(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 deserialized_pk[2U]; + deserialize_ring_elements_reduced_out_bc( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_020( + serialize_public_key_ba( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6657,7 +7228,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_fd(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -6676,14 +7247,18 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_ad( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { uint8_t t[32U]; - H_a9_160(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), - t); + H_a9_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, + uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); @@ -6697,9 +7272,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $2size_t */ -typedef struct IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_d6; +typedef struct IndCpaPrivateKeyUnpacked_94_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_94; /** This function found in impl {(core::default::Default for 
@@ -6712,10 +7287,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { - IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); +static IndCpaPrivateKeyUnpacked_94 default_1a_89(void) { + IndCpaPrivateKeyUnpacked_94 lit; + lit.secret_as_ntt[0U] = ZERO_d6_79(); + lit.secret_as_ntt[1U] = ZERO_d6_79(); return lit; } @@ -6725,11 +7300,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - $2size_t */ -typedef struct IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; +typedef struct IndCpaPublicKeyUnpacked_94_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 t_as_ntt[2U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} IndCpaPublicKeyUnpacked_d6; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 A[2U][2U]; +} IndCpaPublicKeyUnpacked_94; /** This function found in impl {(core::default::Default for 
@@ -6742,20 +7317,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; +static IndCpaPublicKeyUnpacked_94 default_8d_89(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_d6_79();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_d6 lit; + IndCpaPublicKeyUnpacked_94 lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_d6_79(); + lit.A[0U][1U] = ZERO_d6_79(); + lit.A[1U][0U] = ZERO_d6_79(); + lit.A[1U][1U] = ZERO_d6_79(); return lit; } @@ -6768,7 +7343,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_fd(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6782,7 +7357,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_f8( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -6793,7 +7368,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_fd(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -6803,8 +7378,8 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a0(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = +shake128_init_absorb_fd(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_55 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), @@ -6824,11 +7399,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c0(uint8_t input[2U][34U]) { +shake128_init_absorb_a9_fd(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a0(copy_of_input); + return shake128_init_absorb_fd(copy_of_input); } /** @@ -6837,7 +7412,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_fd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; 
@@ -6868,9 +7443,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_fd( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_0c0(self, ret); + shake128_squeeze_three_blocks_fd(self, ret); } /** @@ -6921,7 +7496,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_29( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6958,7 +7533,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a0( +static KRML_MUSTINLINE void shake128_squeeze_block_fd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6988,9 +7563,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_fd( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_4a0(self, ret); + shake128_squeeze_block_fd(self, ret); } /** @@ -7041,7 +7616,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_290( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( 
@@ -7079,9 +7654,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f6 closure_6c0( int16_t s[272U]) { - return from_i16_array_d6_14( + return from_i16_array_d6_79( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -7091,46 +7666,50 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_670( +static KRML_MUSTINLINE void sample_from_xof_6c0( uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c0(copy_of_seeds); + shake128_init_absorb_a9_fd(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_fd(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_741( + bool done = sample_from_uniform_distribution_next_29( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_1d0(&xof_state, randomness); + shake128_squeeze_block_a9_fd(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_742( + done = sample_from_uniform_distribution_next_290( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e40(copy_of_out[i]);); + ret0[i] = closure_6c0(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** @@ -7139,8 +7718,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_340( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], +static KRML_MUSTINLINE void sample_matrix_A_6c0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; 
@@ -7155,25 +7734,24 @@ static KRML_MUSTINLINE void sample_matrix_A_340( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_670(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sampled[2U]; + sample_from_xof_6c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + (size_t)2U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -7182,8 +7760,8 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { +static KRML_MUSTINLINE void PRFxN_49(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; uint8_t out1[192U] = {0U}; @@ -7217,9 +7795,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_080(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_49(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_49(input, ret); } /** 
@@ -7228,9 +7806,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_af0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_3c(randomness); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +sample_from_binomial_distribution_ab(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_79(randomness); } /** @@ -7245,8 +7823,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b40( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -7259,12 +7837,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_160(prf_inputs, prf_outputs); + PRFxN_a9_49(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af0( + re_as_ntt[i0] = sample_from_binomial_distribution_ab( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_79(&re_as_ntt[i0]);); return domain_separator; } 
@@ -7274,10 +7852,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t */ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; +typedef struct tuple_40_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_40; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -7287,25 +7865,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( +static KRML_MUSTINLINE tuple_40 sample_vector_cbd_then_ntt_out_b40( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_79();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b40(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_40 lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } 
@@ -7325,13 +7903,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, + /* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -7348,37 +7931,39 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = ZERO_d6_79(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b80(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_89(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_79(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -7432,47 +8017,50 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_810( +static void generate_keypair_unpacked_220( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_d6 *private_key, - IndCpaPublicKeyUnpacked_d6 *public_key) { + IndCpaPrivateKeyUnpacked_94 *private_key, + IndCpaPublicKeyUnpacked_94 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e10(key_generation_seed, hashed); + cpa_keygen_seed_d8_f8(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_340(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_6c0(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b40(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input, domain_separator) .fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a20(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compute_As_plus_e_89(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -7488,18 +8076,20 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bb( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); - generate_keypair_unpacked_810(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_94 private_key = default_1a_89(); + IndCpaPublicKeyUnpacked_94 public_key = default_8d_89(); + generate_keypair_unpacked_220(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_020( - public_key.t_as_ntt, + serialize_public_key_ba( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_5f0(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_29( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7526,7 +8116,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_0a( +static KRML_MUSTINLINE void serialize_kem_secret_key_4d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
@@ -7552,7 +8142,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_160(public_key, ret0); + H_a9_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7589,7 +8179,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( +libcrux_ml_kem_types_MlKemKeyPair_3e libcrux_ml_kem_ind_cca_generate_keypair_d6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7599,13 +8189,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_2f(ind_cpa_keypair_randomness); + generate_keypair_bb(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_0a( + serialize_kem_secret_key_4d( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -7613,14 +8203,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_fa private_key = + libcrux_ml_kem_types_from_88_2a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_fa( + uu____2, libcrux_ml_kem_types_from_40_4d(copy_of_public_key)); } /** @@ -7633,7 +8223,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f8(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7651,9 +8241,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_09( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7664,8 +8254,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_reduced_ring_element_79(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7676,7 +8266,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_490(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7711,9 +8301,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_490(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_081(input, ret); + PRFxN_490(input, ret); } /** @@ -7727,11 +8317,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; +static KRML_MUSTINLINE tuple_40 +sample_ring_element_cbd_b40(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); + error_1[i] = ZERO_d6_79();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -7743,22 +8333,22 @@ sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_490(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____1 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + tuple_40 lit; memcpy( lit.fst, copy_of_error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); lit.snd = domain_separator; return lit; } @@ -7773,9 +8363,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_490(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_a6(input, ret); } /** 
@@ -7784,18 +8374,21 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_190( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_79(&zeta_i, re); + invert_ntt_at_layer_2_79(&zeta_i, re); + invert_ntt_at_layer_3_79(&zeta_i, re); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_79(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_79(re); } /** 
@@ -7807,42 +8400,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_ba0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; +static KRML_MUSTINLINE void compute_vector_u_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_d6_7d();); + result[i] = ZERO_d6_79();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6[2U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(a_element, 
&r_as_ntt[j]); - add_to_ring_element_d6_b80(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_89(&result[i1], &product); } - invert_ntt_montgomery_190(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); + invert_ntt_montgomery_89(&result[i1]); + add_error_reduce_d6_79(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -7854,19 +8447,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_9f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_ring_element_v_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_89(&result, &product);); + invert_ntt_montgomery_89(&result); + result = add_message_error_reduce_d6_79(error_2, message, result); return result; } 
@@ -7882,23 +8475,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_0b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], +static void compress_then_serialize_u_2d( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6), + libcrux_ml_kem_polynomial_PolynomialRingElement_f6); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * + ((size_t)640U / (size_t)2U), + uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_880(&re, ret); + compress_then_serialize_ring_element_u_a4(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } 
@@ -7962,57 +8561,66 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_740(IndCpaPublicKeyUnpacked_94 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + tuple_40 uu____1 = sample_vector_cbd_then_ntt_out_b40(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_c60(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + tuple_40 uu____3 = + sample_ring_element_cbd_b40(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_1[2U]; memcpy( error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 error_2 = + sample_from_binomial_distribution_89( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_ba0(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u[2U]; + compute_vector_u_89(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_ef(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message_as_ring_element = + deserialize_then_decompress_message_79(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + compute_ring_element_v_89(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____5[2U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_0b0( + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + compress_then_serialize_u_2d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____6 = v; + compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); 
@@ -8035,25 +8643,30 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_74(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_8c0( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_94 unpacked_public_key = default_8d_89(); + deserialize_ring_elements_reduced_09( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[2U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6(*uu____0)[2U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_340(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_6c0(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_94 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_be0(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_740(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } 
@@ -8068,7 +8681,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_e9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8095,27 +8708,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_ind_cca_encapsulate_70( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_96( + entropy_preprocess_d8_f8( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), - uint8_t), - ret); + H_a9_fd(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_4d(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -8123,25 +8736,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_4d(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_74(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 = + libcrux_ml_kem_types_from_fc_d0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_e9(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + kdf_d8_4d(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; + tuple_41 lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -8156,12 +8769,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_c5( +static KRML_MUSTINLINE void deserialize_secret_key_89( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8172,13 +8785,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_c5( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 uu____0 = + deserialize_to_uncompressed_ring_element_79(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -8193,12 +8806,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ba( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_7d();); + u_as_ntt[i] = ZERO_d6_79();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8216,12 +8829,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ee(u_bytes); + ntt_vector_u_ee(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); } /** 
@@ -8236,18 +8849,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f6 +compute_message_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 result = ZERO_d6_79(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = subtract_reduce_d6_4a(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 product = + ntt_multiply_d6_79(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_89(&result, &product);); + invert_ntt_montgomery_89(&result); + result = subtract_reduce_d6_79(v, result); return result; } 
@@ -8285,18 +8898,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_670(IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_9d0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a0(&v, secret_key->secret_as_ntt, u_as_ntt); +static void decrypt_unpacked_4b(IndCpaPrivateKeyUnpacked_94 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 u_as_ntt[2U]; + deserialize_then_decompress_u_ba( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 v = + deserialize_then_decompress_ring_element_v_42( + Eurydice_array_to_subslice_from( + (size_t)768U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)640U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 message = + compute_message_89(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8310,21 +8926,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_c5(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 secret_as_ntt[2U]; + deserialize_secret_key_89(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f6 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); + IndCpaPrivateKeyUnpacked_94 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f6)); uint8_t ret0[32U]; - decrypt_unpacked_670(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_4b(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8338,8 +8955,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_49(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** 
@@ -8364,9 +8981,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_97( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_a1( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8382,9 +8999,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_3d(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8392,7 +9009,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -8400,30 +9017,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_74(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e9(Eurydice_array_to_slice((size_t)32U, + kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_e9(shared_secret0, shared_secret); + kdf_d8_4d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index a8c841e7e..ea670cdbf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 479c57de3..eb226abef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -71,11 +71,11 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; - core_result_Result_c0 dst; + core_result_Result_0a dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_26_30(dst, ret); + core_result_unwrap_26_00(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -965,16 +965,16 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ + (CLITERAL(core_ops_range_Range_08){ .start = (size_t)0U, .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { - core_option_Option_b3 uu____0 = + core_option_Option_08 uu____0 = core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3); + &iter, size_t, core_option_Option_08); if (uu____0.tag == core_option_None) { return v; } else { 
@@ -1012,9 +1012,13 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int32_t t = + (int32_t) /* hax_debug_assert!( i32::from(value) > -BARRETT_R && + i32::from(value) < BARRETT_R, "value is {value}" ); */ + value + + * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); int16_t quotient = (int16_t)(t >> (uint32_t) @@ -1062,7 +1066,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = - (int32_t)(int16_t)value * + (int32_t)(int16_t) /* hax_debug_assert!( value >= -FIELD_MODULUS * + MONTGOMERY_R && value <= FIELD_MODULUS * + MONTGOMERY_R, "value is {value}" ); */ + value + + * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; int32_t k_times_modulus = (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; 
@@ -1143,11 +1152,29 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( */ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; + int16_t shifted = + (int16_t)1664 - + (int16_t) /* The approach used here is inspired by: + https://github.com/cloudflare/circl/blob/main/pke/kyber/internal/common/poly.go#L150 + If 833 <= fe <= 2496, then -832 <= shifted <= 831 */ + fe; + int16_t mask = + /* If shifted < 0, then (shifted >> 15) ^ shifted = flip_bits(shifted) = + -shifted - 1, and so if -832 <= shifted < 0 then 0 < shifted_positive + <= 831 If shifted >= 0 then (shifted >> 15) ^ shifted = shifted, and so + if 0 <= shifted <= 831 then 0 <= shifted_positive <= 831 */ + shifted + + >> 15U; int16_t shifted_to_positive = mask ^ shifted; int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); + return (uint8_t)(/* If x <= 831, then x - 832 <= -1, and so x - 832 < 0, which + means the most significant bit of + shifted_positive_in_range will be 1. */ + shifted_positive_in_range + + >> 15U & + (int16_t)1); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -1176,12 +1203,26 @@ libcrux_ml_kem_vector_portable_compress_1_0d( KRML_MUSTINLINE uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); + return + /* hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == + MONTGOMERY_SHIFT); */ + value + + & ((1U << (uint32_t)n) - 1U); } int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + uint64_t compressed = + (uint64_t) /* hax_debug_assert!( coefficient_bits == 4 || coefficient_bits + == 5 || coefficient_bits == 10 || coefficient_bits == 11 ); + hax_debug_assert!(fe <= (FIELD_MODULUS as u16)); This has to + be constant time due to: + https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJ + */ + fe + + << (uint32_t)coefficient_bits; compressed = compressed + 1664ULL; compressed = compressed * 10321340ULL; compressed = compressed >> 35U; @@ -1880,6 +1921,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); + /* Here we could also do, the following, but it slows F* down: [r0_4.0, + * r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, + * r10_14.0, r10_14.1, r10_14.2, r10_14.3, r10_14.4, r15_19.0, r15_19.1, + * r15_19.2, r15_19.3, r15_19.4 ] If we can fix the F* for this, the code + * would be more compact. */ uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -2242,8 +2288,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; +static libcrux_ml_kem_polynomial_PolynomialRingElement_1d ZERO_d6_8c(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[2U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2275,9 +2321,9 @@ libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_to_reduced_ring_element_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2302,9 +2348,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5f0( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -2315,8 +2361,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2334,16 +2380,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_5f( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_8c();); + deserialize_ring_elements_reduced_5f0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -2352,7 +2398,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_7d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -2371,8 +2417,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_46(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_7d(v); +shift_right_0d_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_ef(v); } /** @@ -2382,10 +2428,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_08( +to_unsigned_representative_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_46(a); + shift_right_0d_ef(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2398,14 +2444,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_08(re->coefficients[i0]); + to_unsigned_representative_8c(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -2426,25 +2472,25 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_8c( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, +static KRML_MUSTINLINE void serialize_secret_key_ff( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_8c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2462,13 +2508,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_46( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_8c(t_as_ntt, ret); + serialize_secret_key_ff(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -2488,11 +2534,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_eb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_00(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2511,15 +2557,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_6b1( +bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[4U]; + deserialize_ring_elements_reduced_out_5f( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_eb( + serialize_public_key_00( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2537,7 +2583,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_ac(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -2556,13 +2602,17 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_b5( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *_ciphertext) { uint8_t t[32U]; - H_f1_c6(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + H_f1_ac(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, + uint8_t), t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, @@ -2577,9 +2627,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $4size_t */ -typedef struct IndCpaPrivateKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_42; +typedef struct IndCpaPrivateKeyUnpacked_af_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_af; /** This function found in impl {(core::default::Default for 
@@ -2592,12 +2642,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { - IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); - lit.secret_as_ntt[3U] = ZERO_d6_19(); +static IndCpaPrivateKeyUnpacked_af default_1a_d0(void) { + IndCpaPrivateKeyUnpacked_af lit; + lit.secret_as_ntt[0U] = ZERO_d6_8c(); + lit.secret_as_ntt[1U] = ZERO_d6_8c(); + lit.secret_as_ntt[2U] = ZERO_d6_8c(); + lit.secret_as_ntt[3U] = ZERO_d6_8c(); return lit; } @@ -2607,11 +2657,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $4size_t */ -typedef struct IndCpaPublicKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; +typedef struct IndCpaPublicKeyUnpacked_af_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[4U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; -} IndCpaPublicKeyUnpacked_42; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[4U][4U]; +} IndCpaPublicKeyUnpacked_af; /** This function found in impl {(core::default::Default for 
@@ -2624,32 +2674,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; +static IndCpaPublicKeyUnpacked_af default_8d_d0(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_d6_8c();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_42 lit; + IndCpaPublicKeyUnpacked_af lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[0U][3U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[1U][3U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); - lit.A[2U][3U] = ZERO_d6_19(); - lit.A[3U][0U] = ZERO_d6_19(); - lit.A[3U][1U] = ZERO_d6_19(); - lit.A[3U][2U] = ZERO_d6_19(); - lit.A[3U][3U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_d6_8c(); + lit.A[0U][1U] = ZERO_d6_8c(); + lit.A[0U][2U] = ZERO_d6_8c(); + lit.A[0U][3U] = ZERO_d6_8c(); + lit.A[1U][0U] = ZERO_d6_8c(); + lit.A[1U][1U] = ZERO_d6_8c(); + lit.A[1U][2U] = ZERO_d6_8c(); + lit.A[1U][3U] = ZERO_d6_8c(); + lit.A[2U][0U] = ZERO_d6_8c(); + lit.A[2U][1U] = ZERO_d6_8c(); + lit.A[2U][2U] = ZERO_d6_8c(); + lit.A[2U][3U] = ZERO_d6_8c(); + lit.A[3U][0U] = ZERO_d6_8c(); + lit.A[3U][1U] = ZERO_d6_8c(); + lit.A[3U][2U] = ZERO_d6_8c(); + lit.A[3U][3U] = ZERO_d6_8c(); return lit; } 
@@ -2662,7 +2712,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_ac(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2676,7 +2726,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_03( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2687,7 +2737,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_ac(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -2696,18 +2746,18 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics - $4size_t */ -typedef struct PortableHash_d1_s { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; -} PortableHash_d1; +typedef struct PortableHash_44_s { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[4U]; +} PortableHash_44; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ -static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_37(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; +static KRML_MUSTINLINE PortableHash_44 +shake128_init_absorb_ac(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); 
@@ -2717,12 +2767,12 @@ shake128_init_absorb_37(uint8_t input[4U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[4U]; memcpy(copy_of_shake128_state, shake128_state, - (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); - PortableHash_d1 lit; + (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); + PortableHash_44 lit; memcpy(lit.shake128_state, copy_of_shake128_state, - (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); + (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); return lit; } @@ -2736,12 +2786,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_17(uint8_t input[4U][34U]) { +static KRML_MUSTINLINE PortableHash_44 +shake128_init_absorb_f1_ac(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_37(copy_of_input); + return shake128_init_absorb_ac(copy_of_input); } /** @@ -2750,8 +2800,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( - PortableHash_d1 *st, uint8_t ret[4U][504U]) { +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ac( + PortableHash_44 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; 
@@ -2771,9 +2821,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( - PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_72(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_ac( + PortableHash_44 *self, uint8_t ret[4U][504U]) { + shake128_squeeze_three_blocks_ac(self, ret); } /** @@ -2824,7 +2874,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2862,7 +2912,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ac(PortableHash_44 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2883,9 +2933,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( - PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_e6(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_block_f1_ac( + PortableHash_44 *self, uint8_t ret[4U][168U]) { + shake128_squeeze_block_ac(self, ret); } /** @@ -2936,7 +2986,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_ff0( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( 
@@ -2979,9 +3029,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_d6_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +from_i16_array_d6_8c(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3001,9 +3051,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( +static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b( int16_t s[272U]) { - return from_i16_array_d6_bb( + return from_i16_array_d6_8c( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -3014,45 +3064,49 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_49( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); + PortableHash_44 xof_state = shake128_init_absorb_f1_ac(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_ac(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb( + bool done = sample_from_uniform_distribution_next_ff( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_48(&xof_state, randomness); + shake128_squeeze_block_f1_ac(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb0( + done = sample_from_uniform_distribution_next_ff0( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_ba(copy_of_out[i]);); + ret0[i] = closure_2b(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -3062,8 +3116,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], +static KRML_MUSTINLINE void sample_matrix_A_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; 
@@ -3078,25 +3132,24 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_49(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[4U]; + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + (size_t)4U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -3105,7 +3158,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_44(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -3126,9 +3179,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_44(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_d5(input, ret); + PRFxN_44(input, ret); } /** 
@@ -3186,8 +3239,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +sample_from_binomial_distribution_2_8c(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3221,7 +3274,7 @@ sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_bb( + return from_i16_array_d6_8c( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3231,8 +3284,8 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +sample_from_binomial_distribution_3_8c(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3265,7 +3318,7 @@ sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_d6_bb( + return from_i16_array_d6_8c( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } 
@@ -3275,9 +3328,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_dd(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d1(randomness); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +sample_from_binomial_distribution_a0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_8c(randomness); } /** @@ -3286,10 +3339,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_98( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_at_layer_7_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { + for (size_t i = (size_t)0U; + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + step; + i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( @@ -3314,7 +3372,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_2c( +montgomery_multiply_fe_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); 
@@ -3328,12 +3386,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_02( + ntt_layer_int_vec_step_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_2c(b, zeta_r); + montgomery_multiply_fe_8c(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3347,8 +3405,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, +static KRML_MUSTINLINE void ntt_at_layer_4_plus_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { @@ -3360,7 +3418,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_02( + ntt_layer_int_vec_step_8c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3377,8 +3435,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_e9( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_at_layer_3_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; @@ -3395,8 +3453,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_34( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_at_layer_2_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; @@ -3415,8 +3473,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_bd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_at_layer_1_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; 
@@ -3444,10 +3502,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_d6_a9( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { +static KRML_MUSTINLINE void poly_barrett_reduce_d6_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -3462,17 +3524,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_fb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_98(re); +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { + ntt_at_layer_7_8c(/* Due to the small coefficient bound, we can skip the first + round of Montgomery reductions. */ + re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_8c(&zeta_i, re); + ntt_at_layer_2_8c(&zeta_i, re); + ntt_at_layer_1_8c(&zeta_i, re); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -3488,8 +3552,8 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3502,12 +3566,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_44(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]);); return domain_separator; } @@ -3517,10 +3581,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t */ -typedef struct tuple_710_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U]; +typedef struct tuple_dd0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[4U]; uint8_t snd; -} tuple_710; +} tuple_dd0; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -3531,25 +3595,25 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( +static KRML_MUSTINLINE tuple_dd0 sample_vector_cbd_then_ntt_out_3b( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_8c();); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_83(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_3b(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_710 lit; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_dd0 lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } 
@@ -3592,10 +3656,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +ntt_multiply_d6_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { + /* hax_debug_debug_assert!(lhs .coefficients .into_iter() .all(|coefficient| + * coefficient >= 0 && coefficient < 4096)); */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d out = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3633,13 +3699,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, self->coefficients, + (size_t)16U, + /* The semicolon and parentheses at the end of loop are a + workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { 
@@ -3658,7 +3728,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_bd0( +to_standard_domain_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3675,14 +3745,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { +static KRML_MUSTINLINE void add_standard_error_reduce_d6_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_bd0(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_8c( + self->coefficients[/* The coefficients are of the form aR^{-1} mod + q, which means calling to_montgomery_domain() + on them should return a mod q. */ + j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, 
@@ -3700,37 +3778,39 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_d0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_8c(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -3784,47 +3864,50 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_74( +static void generate_keypair_unpacked_1c( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_42 *private_key, - IndCpaPublicKeyUnpacked_42 *public_key) { + IndCpaPrivateKeyUnpacked_af *private_key, + IndCpaPublicKeyUnpacked_af *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_b7(key_generation_seed, hashed); + cpa_keygen_seed_d8_03(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_2b(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_83(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_3b(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t 
copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_86(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input, domain_separator) .fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_00(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compute_As_plus_e_d0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -3840,18 +3923,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_521( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_151( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); - generate_keypair_unpacked_74(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_af private_key = default_1a_d0(); + IndCpaPublicKeyUnpacked_af public_key = default_8d_d0(); + generate_keypair_unpacked_1c(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_eb( - public_key.t_as_ntt, + serialize_public_key_00( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_ff( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3878,7 +3963,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_82( +static KRML_MUSTINLINE void serialize_kem_secret_key_60( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
@@ -3904,7 +3989,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_82( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c6(public_key, ret0); + H_f1_ac(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3942,7 +4027,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f81(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3951,13 +4036,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_521(ind_cpa_keypair_randomness); + generate_keypair_151(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_82( + serialize_kem_secret_key_60( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -3965,14 +4050,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_83 private_key = + libcrux_ml_kem_types_from_88_39(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_83 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_94( + uu____2, libcrux_ml_kem_types_from_40_af(copy_of_public_key)); } /** @@ -3985,7 +4070,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_03(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4003,9 +4088,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_0d( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -4016,8 +4101,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4034,11 +4119,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; +static KRML_MUSTINLINE tuple_dd0 +sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_19();); + error_1[i] = ZERO_d6_8c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -4050,22 +4135,22 @@ sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_44(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_710 lit; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_dd0 lit; memcpy( lit.fst, copy_of_error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } @@ -4075,7 +4160,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_440(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_a6(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -4092,9 +4177,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_440(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_a6(input, ret); } /** 
@@ -4103,8 +4188,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_1_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -4127,8 +4212,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_2_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -4147,8 +4232,8 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_a9( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_at_layer_3_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -4167,7 +4252,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_f1( + inv_ntt_layer_int_vec_step_reduce_8c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { 
@@ -4175,7 +4260,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_2c(a_minus_b, zeta_r); + b = montgomery_multiply_fe_8c(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4187,11 +4272,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + for (size_t i0 = (size_t)0U; + i0 < (size_t)128U >> + (uint32_t) /* The semicolon and parentheses at the end of loop are a + workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + layer; + i0++) { size_t round = i0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; size_t offset = round * step * (size_t)2U; @@ -4202,7 +4293,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_f1( + inv_ntt_layer_int_vec_step_reduce_8c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4219,18 +4310,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_8c(&zeta_i, re); + invert_ntt_at_layer_2_8c(&zeta_i, re); + invert_ntt_at_layer_3_8c(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -4244,11 +4338,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_d6_a3( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { +static KRML_MUSTINLINE void add_error_reduce_d6_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = 
@@ -4271,42 +4369,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_51( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; +static KRML_MUSTINLINE void compute_vector_u_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_d6_19();); + result[i] = ZERO_d6_8c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[4U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - 
ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_d0(&result[i1], &product); } - invert_ntt_montgomery_5f(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d0(&result[i1]); + add_error_reduce_d6_8c(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -4316,7 +4414,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_7e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_8c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4329,9 +4427,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_40(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4341,7 +4439,7 @@ deserialize_then_decompress_message_40(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_7e(coefficient_compressed); + decompress_1_8c(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4357,11 +4455,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_d6_4d( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +add_message_error_reduce_d6_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4370,8 +4468,27 @@ add_message_error_reduce_d6_4d( libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( result.coefficients[i0], (int16_t)1441); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp = - libcrux_ml_kem_vector_portable_add_0d(self->coefficients[i0], - &message->coefficients[i0]); + libcrux_ml_kem_vector_portable_add_0d( + self->coefficients[/* FIXME: Eurydice crashes with: Warning 11: in + top-level declaration + libcrux_ml_kem.polynomial.{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}.add_message_error_reduce__libcrux_ml_kem_libcrux_polynomials_PortableVector: + this expression is not Low*; the enclosing + function cannot be translated into C*: let + mutable ret(Mark.Present,(Mark.AtMost 2), ): + int16_t[16size_t] = $any in + libcrux_ml_kem.libcrux_polynomials.{(libcrux_ml_kem::libcrux_polynomials::libcrux_traits::Operations␣for␣libcrux_ml_kem::libcrux_polynomials::PortableVector)}.add + ((@9: + libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:int16_t[16size_t][16size_t])[@4] + &(((@8: + libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t]*)[0uint32_t]:libcrux_ml_kem_libcrux_polynomials_PortableVector[16size_t])[@4]) + @0; @0 Warning 11 is fatal, exiting. On the + following code: ```rust result.coefficients[i] + = Vector::barrett_reduce(Vector::add( + coefficient_normal_form, + &Vector::add(self.coefficients[i], + &message.coefficients[i]), )); ``` */ + i0], + &message->coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector tmp0 = libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, &tmp); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -4390,19 +4507,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_ring_element_v_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_d0(&result, &product);); + invert_ntt_montgomery_d0(&result); + result = add_message_error_reduce_d6_8c(error_2, message, result); return result; } 
@@ -4412,7 +4529,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_20(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_ef(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4433,9 +4550,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_0c( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_20(v); + return compress_ef(v); } /** @@ -4444,7 +4561,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_c4(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4465,9 +4582,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 11 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_200(v); +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_c4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_c4(v); } /** 
@@ -4476,14 +4593,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { +static KRML_MUSTINLINE void compress_then_serialize_11_54( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_0c0(to_unsigned_representative_08(re->coefficients[i0])); + compress_0d_c4(to_unsigned_representative_8c(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4501,10 +4618,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_82( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_9b(re, uu____0); + compress_then_serialize_11_54(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } 
@@ -4520,23 +4637,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], +static void compress_then_serialize_u_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * + ((size_t)1408U / (size_t)4U), + uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_08(&re, ret); + compress_then_serialize_ring_element_u_82(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4548,7 +4671,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_d1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
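Review bot: The hax-issue-720 "semicolon and parentheses" comment is emitted into the argument list of `Eurydice_slice_subslice2`, between the opening parenthesis and `out`, so the subslice bounds `i0 * ((size_t)1408U / (size_t)4U)` and `(i0 + (size_t)1U) * (...)` are now split across an unrelated remark that describes a Rust-side extraction quirk and means nothing to a C reader. Because the offset arithmetic here is exactly what an auditor needs to check against the `uint8_t ret[352U]` copy that follows, the comment should be filtered or re-attached to the loop statement in the extraction rather than left inside the call; the same misplaced comment recurs in the `compress_then_serialize_4_8c` and `compress_then_serialize_5_8c` instances in the following hunks. The generated code itself is unchanged in behaviour and should not be hand-edited; only the comment placement is at issue.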
@@ -4569,9 +4692,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 4 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_201(v); +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_d1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_d1(v); } /** @@ -4580,14 +4703,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_d4( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, +static KRML_MUSTINLINE void compress_then_serialize_4_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_0c1(to_unsigned_representative_08(re.coefficients[i0])); + compress_0d_d1(to_unsigned_representative_8c(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4603,7 +4730,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_f4(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4624,9 +4751,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 5 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_202(v); +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_f4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_f4(v); } /** @@ -4635,14 +4762,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_61( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, +static KRML_MUSTINLINE void compress_then_serialize_5_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + i < + /* The semicolon and parentheses at the end of loop are a workaround for + the following bug https://github.com/hacspec/hax/issues/720 */ + LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; + i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_0c2(to_unsigned_representative_08(re.coefficients[i0])); + compress_0d_f4(to_unsigned_representative_8c(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( 
@@ -4659,9 +4790,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b9( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_61(re, out); +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8e( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) { + compress_then_serialize_5_8c(re, out); } /** 
@@ -4723,57 +4854,66 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_2a(IndCpaPublicKeyUnpacked_af *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_86(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; + tuple_dd0 uu____1 = sample_vector_cbd_then_ntt_out_3b(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = - sample_ring_element_cbd_af(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; + tuple_dd0 uu____3 = + sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[4U]; memcpy( error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = 
uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_440(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_51(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[4U]; + compute_vector_u_d0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_16(public_key->t_as_ntt, r_as_ntt, &error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = + deserialize_then_decompress_message_8c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + compute_ring_element_v_d0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[4U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_2b( + (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compress_then_serialize_u_2f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b9( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; + compress_then_serialize_ring_element_v_8e( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); 
@@ -4797,25 +4937,30 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_ec1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_2a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_1b( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_af unpacked_public_key = default_8d_d0(); + deserialize_ring_elements_reduced_0d( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[4U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_2b(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_af *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_e7(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_2a(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } 
@@ -4830,7 +4975,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_89(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_60(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4857,27 +5002,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, +tuple_fa libcrux_ml_kem_ind_cca_encapsulate_ca1( + libcrux_ml_kem_types_MlKemPublicKey_64 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_cd( + entropy_preprocess_d8_03( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + H_f1_ac(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_af(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -4885,25 +5030,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_af(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_ec1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_2a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_64 ciphertext0 = + libcrux_ml_kem_types_from_fc_af(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_89(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; + kdf_d8_60(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_64 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; + tuple_fa lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -4915,9 +5060,9 @@ libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4939,12 +5084,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_d0( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
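Review bot: The loop bound in `deserialize_secret_key_d0` is derived from `Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT`, not from K, while the destination `secret_as_ntt` is a fixed `[4U]` array whose per-iteration write `secret_as_ntt[i0] = uu____0` sits in the continuation hunk. In Rust an oversized slice would trip the bounds check, but no such check survives into the Eurydice C output, so the function silently relies on every caller passing exactly 4 × BYTES_PER_RING_ELEMENT bytes — presumably the fixed-size private-key type, though the callers are not visible here. Since this is generated code the remedy belongs in the Rust source or the extraction, but the precondition should at least be stated in the doc block, e.g. `/* Precondition: secret_key holds exactly 4 * BYTES_PER_RING_ELEMENT bytes; the Rust bounds check does not survive extraction. */`. The function body continues in the following hunk.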
@@ -4955,13 +5100,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_uncompressed_ring_element_8c(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -4971,10 +5116,14 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_1b( +decompress_ciphertext_coefficient_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + i < + /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| + coefficient.abs() < 1 << COEFFICIENT_BITS)); */ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -4996,9 +5145,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_7e( +decompress_ciphertext_coefficient_0d_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b(v); + return decompress_ciphertext_coefficient_ef(v); } /** 
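Review bot: In `decompress_ciphertext_coefficient_ef` the Rust `debug_assert!` on the coefficient range is emitted as a comment inside the `for` header, between `i <` and `LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR`, where it reads as a stray and states a precondition that the C code no longer checks at all. The bound `|coefficient| < 1 << COEFFICIENT_BITS` is presumably guaranteed by the 10-bit deserializer that feeds this instance (`deserialize_then_decompress_10_8c` in the next hunk), but nothing in the C says so, and the multiplication by `FIELD_MODULUS` that follows is the first consumer of that assumption. The placement should be fixed in the extraction rather than by hand-editing generated code; until then the doc block above the function is where a C reader needs it, e.g. `/* Precondition (Rust debug_assert, not checked in C): every element of v satisfies |e| < (1 << COEFFICIENT_BITS). */`. The same misplaced comment recurs in the COEFFICIENT_BITS = 11, 4 and 5 instances in later hunks.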
@@ -5007,9 +5156,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_10_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -5018,7 +5167,7 @@ deserialize_then_decompress_10_cb(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_7e(coefficient); + decompress_ciphertext_coefficient_0d_ef(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5031,10 +5180,14 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_1b0( +decompress_ciphertext_coefficient_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + i < + /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| + coefficient.abs() < 1 << COEFFICIENT_BITS)); */ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; 
@@ -5056,9 +5209,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_7e0( +decompress_ciphertext_coefficient_0d_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b0(v); + return decompress_ciphertext_coefficient_c4(v); } /** @@ -5067,9 +5220,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_b0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_11_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -5078,7 +5231,7 @@ deserialize_then_decompress_11_b0(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_7e0(coefficient); + decompress_ciphertext_coefficient_0d_c4(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5090,9 +5243,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_05(Eurydice_slice serialized) { - return deserialize_then_decompress_11_b0(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_ring_element_u_5e(Eurydice_slice serialized) { + return deserialize_then_decompress_11_8c(serialized); } /** @@ -5101,17 +5254,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_58( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_vector_u_5e( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_8c(&zeta_i, re); + ntt_at_layer_2_8c(&zeta_i, re); + ntt_at_layer_1_8c(&zeta_i, re); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -5126,12 +5279,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( +static KRML_MUSTINLINE void deserialize_then_decompress_u_00( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_19();); + u_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5149,12 +5302,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_05(u_bytes); - ntt_vector_u_58(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_5e(u_bytes); + ntt_vector_u_5e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -5164,10 +5317,14 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_1b1( +decompress_ciphertext_coefficient_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + i < + /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| + coefficient.abs() < 1 << COEFFICIENT_BITS)); */ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5189,9 +5346,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_7e1( +decompress_ciphertext_coefficient_0d_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b1(v); + return decompress_ciphertext_coefficient_d1(v); } /** @@ -5200,9 +5357,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_4_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; 
@@ -5211,7 +5368,7 @@ deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_7e1(coefficient); + decompress_ciphertext_coefficient_0d_d1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5224,10 +5381,14 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_1b2( +decompress_ciphertext_coefficient_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + i < + /* debug_assert!(to_i16_array(v) .into_iter() .all(|coefficient| + coefficient.abs() < 1 << COEFFICIENT_BITS)); */ + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + i++) { size_t i0 = i; int32_t decompressed = (int32_t)v.elements[i0] * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -5249,9 +5410,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_7e2( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b2(v); + return decompress_ciphertext_coefficient_f4(v); } /** 
@@ -5260,9 +5421,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_5_8c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = ZERO_d6_8c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5271,7 +5432,7 @@ deserialize_then_decompress_5_60(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_7e2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f4(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5283,9 +5444,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { + return deserialize_then_decompress_5_8c(serialized); } /** 
@@ -5299,9 +5460,9 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +subtract_reduce_d6_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -5330,18 +5491,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_15( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_message_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = subtract_reduce_d6_81(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_d0(&result, &product);); + invert_ntt_montgomery_d0(&result); + result = subtract_reduce_d6_8c(v, result); return result; } 
@@ -5351,13 +5512,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_f9( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { +static KRML_MUSTINLINE void compress_then_serialize_message_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_08(re.coefficients[i0]); + to_unsigned_representative_8c(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); 
@@ -5405,18 +5566,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_76(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_7d(IndCpaPrivateKeyUnpacked_af *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_4d(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_03( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[4U]; + deserialize_then_decompress_u_00( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + deserialize_then_decompress_ring_element_v_9f( + Eurydice_array_to_subslice_from( + (size_t)1568U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)1408U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = + compute_message_d0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_8c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5430,21 +5594,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); +static void decrypt_7d(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[4U]; + deserialize_secret_key_d0(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + IndCpaPrivateKeyUnpacked_af secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t ret0[32U]; - decrypt_unpacked_76(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5453,7 +5618,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_44(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_9e(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); 
@@ -5470,8 +5635,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_44(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** @@ -5496,9 +5661,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a1( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_621( + libcrux_ml_kem_types_MlKemPrivateKey_83 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_64 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5514,9 +5679,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_031(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_7d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5524,7 +5689,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a1( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_ac(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -5532,31 +5697,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_7f(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_af(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_44(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_ec1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_2a1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_89(Eurydice_array_to_slice((size_t)32U, + kdf_d8_60(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_89(shared_secret0, shared_secret); + kdf_d8_60(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + libcrux_ml_kem_types_as_ref_fd_af(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, 
implicit_rejection_shared_secret, @@ -5575,9 +5740,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1e( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5588,8 +5753,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } 
@@ -5607,16 +5772,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_1e( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_8c();); + deserialize_ring_elements_reduced_1e(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -5629,25 +5794,25 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_8c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, +static KRML_MUSTINLINE void serialize_secret_key_64( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_8c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5665,13 +5830,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_460( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_86( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_8c0(t_as_ntt, ret); + serialize_secret_key_64(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -5691,11 +5856,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_eb0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_86( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_460(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_86(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5714,15 +5879,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_6b0( +bool libcrux_ml_kem_ind_cca_validate_public_key_86(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[2U]; + deserialize_ring_elements_reduced_out_1e( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_86( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5740,7 +5905,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_c60(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -5759,14 +5924,18 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { +bool libcrux_ml_kem_ind_cca_validate_private_key_fb( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *_ciphertext) { uint8_t t[32U]; - H_f1_c60(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), - t); + H_f1_fd(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, + uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); @@ -5780,9 +5949,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $2size_t */ -typedef struct IndCpaPrivateKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_ae; +typedef struct IndCpaPrivateKeyUnpacked_d4_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_d4; /** This function found in impl {(core::default::Default for 
@@ -5795,10 +5964,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { - IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); +static IndCpaPrivateKeyUnpacked_d4 default_1a_a0(void) { + IndCpaPrivateKeyUnpacked_d4 lit; + lit.secret_as_ntt[0U] = ZERO_d6_8c(); + lit.secret_as_ntt[1U] = ZERO_d6_8c(); return lit; } @@ -5808,11 +5977,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $2size_t */ -typedef struct IndCpaPublicKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; +typedef struct IndCpaPublicKeyUnpacked_d4_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[2U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; -} IndCpaPublicKeyUnpacked_ae; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[2U][2U]; +} IndCpaPublicKeyUnpacked_d4; /** This function found in impl {(core::default::Default for 
@@ -5825,20 +5994,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; +static IndCpaPublicKeyUnpacked_d4 default_8d_a0(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_d6_8c();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_ae lit; + IndCpaPublicKeyUnpacked_d4 lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_d6_8c(); + lit.A[0U][1U] = ZERO_d6_8c(); + lit.A[1U][0U] = ZERO_d6_8c(); + lit.A[1U][1U] = ZERO_d6_8c(); return lit; } @@ -5851,7 +6020,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_070(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_fd(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5865,7 +6034,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -5876,7 +6045,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_fd(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5885,18 +6054,18 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics - $2size_t */ -typedef struct PortableHash_8b_s { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; -} PortableHash_8b; +typedef struct PortableHash_cf_s { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[2U]; +} PortableHash_cf; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ -static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_370(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; +static KRML_MUSTINLINE PortableHash_cf +shake128_init_absorb_fd(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); 
@@ -5906,12 +6075,12 @@ shake128_init_absorb_370(uint8_t input[2U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[2U]; memcpy(copy_of_shake128_state, shake128_state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); - PortableHash_8b lit; + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); + PortableHash_cf lit; memcpy(lit.shake128_state, copy_of_shake128_state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); return lit; } @@ -5925,12 +6094,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_170(uint8_t input[2U][34U]) { +static KRML_MUSTINLINE PortableHash_cf +shake128_init_absorb_f1_fd(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_370(copy_of_input); + return shake128_init_absorb_fd(copy_of_input); } /** @@ -5939,8 +6108,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_720( - PortableHash_8b *st, uint8_t ret[2U][504U]) { +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_fd( + PortableHash_cf *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; 
@@ -5960,9 +6129,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_750( - PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_720(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_fd( + PortableHash_cf *self, uint8_t ret[2U][504U]) { + shake128_squeeze_three_blocks_fd(self, ret); } /** @@ -6013,7 +6182,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_64( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6051,8 +6220,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e60(PortableHash_8b *st, - uint8_t ret[2U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_fd(PortableHash_cf *st, + uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6072,9 +6241,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_480( - PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_e60(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_block_f1_fd( + PortableHash_cf *self, uint8_t ret[2U][168U]) { + shake128_squeeze_block_fd(self, ret); } /** 
@@ -6125,7 +6294,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_640( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6164,9 +6333,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b0( int16_t s[272U]) { - return from_i16_array_d6_bb( + return from_i16_array_d6_8c( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -6177,45 +6346,49 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_490( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_170(copy_of_seeds); + PortableHash_cf xof_state = shake128_init_absorb_f1_fd(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_750(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_fd(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb1( + bool done = sample_from_uniform_distribution_next_64( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_480(&xof_state, randomness); + shake128_squeeze_block_f1_fd(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb2( + done = sample_from_uniform_distribution_next_640( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_ba0(copy_of_out[i]);); + ret0[i] = closure_2b0(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -6225,8 +6398,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], +static KRML_MUSTINLINE void sample_matrix_A_2b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; 
@@ -6241,25 +6414,24 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_490(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[2U]; + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + (size_t)2U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -6268,8 +6440,8 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_d50(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { +static KRML_MUSTINLINE void PRFxN_49(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6289,9 +6461,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_9f0(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_d50(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_49(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_49(input, ret); } /** 
@@ -6300,9 +6472,9 @@ libcrux_ml_kem.sampling.sample_from_binomial_distribution with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_dd0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_a6(randomness); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +sample_from_binomial_distribution_1b(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_8c(randomness); } /** @@ -6318,8 +6490,8 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -6332,12 +6504,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_9f0(prf_inputs, prf_outputs); + PRFxN_f1_49(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd0( + re_as_ntt[i0] = sample_from_binomial_distribution_1b( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]);); return domain_separator; } 
@@ -6347,10 +6519,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; +typedef struct tuple_400_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[2U]; uint8_t snd; -} tuple_740; +} tuple_400; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -6361,25 +6533,25 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( +static KRML_MUSTINLINE tuple_400 sample_vector_cbd_then_ntt_out_3b0( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_8c();); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_830(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_3b0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_400 lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } 
@@ -6399,13 +6571,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, self->coefficients, + (size_t)16U, + /* The semicolon and parentheses at the end of loop are a + workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { 
@@ -6426,37 +6602,39 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d0(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_8c(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -6510,47 +6688,50 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_740( +static void generate_keypair_unpacked_1c0( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_ae *private_key, - IndCpaPublicKeyUnpacked_ae *public_key) { + IndCpaPrivateKeyUnpacked_d4 *private_key, + IndCpaPublicKeyUnpacked_d4 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_07(key_generation_seed, hashed); + cpa_keygen_seed_d8_10(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae0(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_2b0(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_830(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_3b0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t 
copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input, domain_separator) .fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_000(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compute_As_plus_e_a0(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -6566,18 +6747,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_150( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); - generate_keypair_unpacked_740(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_d4 private_key = default_1a_a0(); + IndCpaPublicKeyUnpacked_d4 public_key = default_8d_a0(); + generate_keypair_unpacked_1c0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( - public_key.t_as_ntt, + serialize_public_key_86( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_8c0(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_64( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6604,7 +6787,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_83( +static KRML_MUSTINLINE void serialize_kem_secret_key_30( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
@@ -6630,7 +6813,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_83( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c60(public_key, ret0); + H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6667,8 +6850,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { +libcrux_ml_kem_types_MlKemKeyPair_3e +libcrux_ml_kem_ind_cca_generate_keypair_f80(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6677,13 +6860,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_520(ind_cpa_keypair_randomness); + generate_keypair_150(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_83( + serialize_kem_secret_key_30( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -6691,14 +6874,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_fa private_key = + libcrux_ml_kem_types_from_88_2a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_fa uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_fa( + uu____2, libcrux_ml_kem_types_from_40_4d(copy_of_public_key)); } /** @@ -6711,7 +6894,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_10(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6729,9 +6912,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5f( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -6742,8 +6925,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6754,7 +6937,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_490(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6775,9 +6958,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_490(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_d51(input, ret); + PRFxN_490(input, ret); } /** @@ -6792,11 +6975,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; +static KRML_MUSTINLINE tuple_400 +sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_19();); + error_1[i] = ZERO_d6_8c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -6808,22 +6991,22 @@ sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_9f1(prf_inputs, prf_outputs); + PRFxN_f1_490(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_400 lit; memcpy( lit.fst, copy_of_error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } @@ -6838,9 +7021,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_490(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_a6(input, ret); } /** 
@@ -6849,18 +7032,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_5f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_8c(&zeta_i, re); + invert_ntt_at_layer_2_8c(&zeta_i, re); + invert_ntt_at_layer_3_8c(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -6872,42 +7058,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_510( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; +static KRML_MUSTINLINE void compute_vector_u_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_d6_19();); + result[i] = ZERO_d6_8c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[2U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - 
ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d0(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_a0(&result[i1], &product); } - invert_ntt_montgomery_5f0(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_a0(&result[i1]); + add_error_reduce_d6_8c(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -6919,19 +7105,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_160( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_ring_element_v_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_a0(&result, &product);); + invert_ntt_montgomery_a0(&result); + result = add_message_error_reduce_d6_8c(error_2, message, result); return result; } 
@@ -6941,14 +7127,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_470( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { +static KRML_MUSTINLINE void compress_then_serialize_10_ff( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_0c(to_unsigned_representative_08(re->coefficients[i0])); + compress_0d_ef(to_unsigned_representative_8c(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6966,10 +7152,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_470(re, uu____0); + compress_then_serialize_10_ff(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -6985,23 +7171,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_2b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], +static void compress_then_serialize_u_6d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * + ((size_t)640U / (size_t)2U), + uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_080(&re, ret); + compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } 
@@ -7014,9 +7206,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b90( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_d4(re, out); +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re, Eurydice_slice out) { + compress_then_serialize_4_8c(re, out); } /** 
@@ -7078,58 +7270,67 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_2a0(IndCpaPublicKeyUnpacked_d4 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; + tuple_400 uu____1 = + sample_vector_cbd_then_ntt_out_3b0(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_af0(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; + tuple_400 uu____3 = + sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[2U]; memcpy( error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator = 
uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_490(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_510(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[2U]; + compute_vector_u_a0(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_160(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = + deserialize_then_decompress_message_8c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + compute_ring_element_v_a0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[2U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_2b0( + 
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compress_then_serialize_u_6d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; + compress_then_serialize_ring_element_v_ff0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); 
@@ -7153,25 +7354,30 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_2a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_1b0( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_d4 unpacked_public_key = default_8d_a0(); + deserialize_ring_elements_reduced_5f( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[2U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[2U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae0(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_2b0(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_d4 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_e70(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_2a0(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } 
@@ -7186,7 +7392,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_30(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7213,27 +7419,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, +tuple_41 libcrux_ml_kem_ind_cca_encapsulate_ca0( + libcrux_ml_kem_types_MlKemPublicKey_52 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3b( + entropy_preprocess_d8_10( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), - uint8_t), - ret); + H_f1_fd(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_4d(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -7241,25 +7447,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_4d(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_ec0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_2a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1a ciphertext0 = + libcrux_ml_kem_types_from_fc_d0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_4d(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + kdf_d8_30(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1a uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; + tuple_41 lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -7274,12 +7480,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_a0( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7290,13 +7496,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_uncompressed_ring_element_8c(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -7305,9 +7511,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_050(Eurydice_slice serialized) { - return deserialize_then_decompress_10_cb(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_ring_element_u_0a(Eurydice_slice serialized) { + return deserialize_then_decompress_10_8c(serialized); } /** @@ -7316,17 +7522,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_580( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void ntt_vector_u_0a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_8c(&zeta_i, re); + ntt_at_layer_2_8c(&zeta_i, re); + ntt_at_layer_1_8c(&zeta_i, re); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -7341,12 +7547,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_86( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_19();); + u_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7364,12 +7570,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0a(u_bytes); + ntt_vector_u_0a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -7378,9 +7584,9 @@ libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ad(serialized); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +deserialize_then_decompress_ring_element_v_d0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_8c(serialized); } /** 
@@ -7395,18 +7601,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_150( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_message_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = subtract_reduce_d6_81(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_a0(&result, &product);); + invert_ntt_montgomery_a0(&result); + result = subtract_reduce_d6_8c(v, result); return result; } 
@@ -7444,18 +7650,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_760(IndCpaPrivateKeyUnpacked_ae *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_4d0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_150(&v, secret_key->secret_as_ntt, u_as_ntt); +static void decrypt_unpacked_d1(IndCpaPrivateKeyUnpacked_d4 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[2U]; + deserialize_then_decompress_u_86( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + deserialize_then_decompress_ring_element_v_d0( + Eurydice_array_to_subslice_from( + (size_t)768U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)640U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = + compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_8c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7469,21 +7678,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); +static void decrypt_d1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[2U]; + deserialize_secret_key_a0(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + IndCpaPrivateKeyUnpacked_d4 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t ret0[32U]; - decrypt_unpacked_760(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_d1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7497,8 +7707,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_49(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** 
@@ -7523,9 +7733,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_620( + libcrux_ml_kem_types_MlKemPrivateKey_fa *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1a *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7541,9 +7751,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_030(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7551,7 +7761,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_fd(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -7559,31 +7769,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_4d(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_49(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_ec0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_2a0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, + kdf_d8_30(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_4d(shared_secret0, shared_secret); + kdf_d8_30(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_d0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7602,9 +7812,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c0( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7615,8 +7825,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } 
@@ -7634,16 +7844,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_c0( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_d6_8c();); + deserialize_ring_elements_reduced_c0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -7656,25 +7866,25 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_8c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, +static KRML_MUSTINLINE void serialize_secret_key_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_8c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7692,13 +7902,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_461( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_mut_6c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_8c1(t_as_ntt, ret); + serialize_secret_key_89(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( 
@@ -7718,11 +7928,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_eb1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, +static KRML_MUSTINLINE void serialize_public_key_6c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_461(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7741,15 +7951,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_6b( +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d deserialized_pk[3U]; + deserialize_ring_elements_reduced_out_c0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_eb1( + serialize_public_key_6c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7767,7 +7977,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -7786,14 +7996,18 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +bool libcrux_ml_kem_ind_cca_validate_private_key_37( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_c61(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), - t); + H_f1_e0(Eurydice_array_to_subslice2(/* Eurydice can't access values directly + on the types. We need to go to the + `value` directly. */ + private_key->value, + (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); @@ -7807,9 +8021,9 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $3size_t */ -typedef struct IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_f8; +typedef struct IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_a0; /** This function found in impl {(core::default::Default for 
@@ -7822,11 +8036,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { - IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); +static IndCpaPrivateKeyUnpacked_a0 default_1a_1b(void) { + IndCpaPrivateKeyUnpacked_a0 lit; + lit.secret_as_ntt[0U] = ZERO_d6_8c(); + lit.secret_as_ntt[1U] = ZERO_d6_8c(); + lit.secret_as_ntt[2U] = ZERO_d6_8c(); return lit; } @@ -7836,11 +8050,11 @@ libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - $3size_t */ -typedef struct IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; +typedef struct IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d t_as_ntt[3U]; uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} IndCpaPublicKeyUnpacked_f8; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d A[3U][3U]; +} IndCpaPublicKeyUnpacked_a0; /** This function found in impl {(core::default::Default for 
@@ -7853,25 +8067,25 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; +static IndCpaPublicKeyUnpacked_a0 default_8d_1b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_d6_8c();); uint8_t uu____1[32U] = {0U}; - IndCpaPublicKeyUnpacked_f8 lit; + IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_d6_8c(); + lit.A[0U][1U] = ZERO_d6_8c(); + lit.A[0U][2U] = ZERO_d6_8c(); + lit.A[1U][0U] = ZERO_d6_8c(); + lit.A[1U][1U] = ZERO_d6_8c(); + lit.A[1U][2U] = ZERO_d6_8c(); + lit.A[2U][0U] = ZERO_d6_8c(); + lit.A[2U][1U] = ZERO_d6_8c(); + lit.A[2U][2U] = ZERO_d6_8c(); return lit; } @@ -7884,7 +8098,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } 
@@ -7898,7 +8112,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_9c( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7909,7 +8123,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_e0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -7918,18 +8132,18 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics - $3size_t */ -typedef struct PortableHash_58_s { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; -} PortableHash_58; +typedef struct PortableHash_88_s { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U]; +} PortableHash_88; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ -static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_371(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; +static KRML_MUSTINLINE PortableHash_88 +shake128_init_absorb_e0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_17 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); 
@@ -7939,12 +8153,12 @@ shake128_init_absorb_371(uint8_t input[3U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + libcrux_sha3_generic_keccak_KeccakState_17 copy_of_shake128_state[3U]; memcpy(copy_of_shake128_state, shake128_state, - (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); - PortableHash_58 lit; + (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); + PortableHash_88 lit; memcpy(lit.shake128_state, copy_of_shake128_state, - (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); + (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_17)); return lit; } @@ -7958,12 +8172,12 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_171(uint8_t input[3U][34U]) { +static KRML_MUSTINLINE PortableHash_88 +shake128_init_absorb_f1_e0(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_371(copy_of_input); + return shake128_init_absorb_e0(copy_of_input); } /** @@ -7972,8 +8186,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( - PortableHash_58 *st, uint8_t ret[3U][504U]) { +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_e0( + PortableHash_88 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; 
@@ -7993,9 +8207,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( - PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_721(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_e0( + PortableHash_88 *self, uint8_t ret[3U][504U]) { + shake128_squeeze_three_blocks_e0(self, ret); } /** @@ -8046,7 +8260,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8084,8 +8298,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_58 *st, - uint8_t ret[3U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_e0(PortableHash_88 *st, + uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8105,9 +8319,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( - PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_e61(self, ret); +static KRML_MUSTINLINE void shake128_squeeze_block_f1_e0( + PortableHash_88 *self, uint8_t ret[3U][168U]) { + shake128_squeeze_block_e0(self, ret); } /** 
@@ -8158,7 +8372,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8197,9 +8411,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_1d closure_2b1( int16_t s[272U]) { - return from_i16_array_d6_bb( + return from_i16_array_d6_8c( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -8210,45 +8424,49 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_491( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); + PortableHash_88 xof_state = shake128_init_absorb_f1_e0(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb3( + bool done = sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); + /* Requiring more than 5 blocks to sample a ring element should be very + * unlikely according to: https://eprint.iacr.org/2023/708.pdf To avoid + * failing here, we squeeze more blocks out of the state until we have enough. 
+ */ while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_481(&xof_state, randomness); + shake128_squeeze_block_f1_e0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb4( + done = sample_from_uniform_distribution_next_890( copy_of_randomness, sampled_coefficients, out); } } /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_ba1(copy_of_out[i]);); + ret0[i] = closure_2b1(copy_of_out[i]);); memcpy( ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** @@ -8258,8 +8476,8 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], +static KRML_MUSTINLINE void sample_matrix_A_2b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; 
@@ -8274,25 +8492,24 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_491(copy_of_seeds, sampled); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sampled[3U]; + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + (size_t)3U, + /* A[i][j] = A_transpose[j][i] */ sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d sample = sampled[j]; if (transpose) { A_transpose[j][i1] = sample; } else { A_transpose[i1][j] = sample; } - } - - ); + }); } /** @@ -8301,8 +8518,8 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { +static KRML_MUSTINLINE void PRFxN_41(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8322,9 +8539,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_d52(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_41(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_41(input, ret); } /** 
@@ -8340,8 +8557,8 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -8354,12 +8571,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_8c(&re_as_ntt[i0]);); return domain_separator; } @@ -8369,10 +8586,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; +typedef struct tuple_230_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d fst[3U]; uint8_t snd; -} tuple_b00; +} tuple_230; /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out 
@@ -8383,25 +8600,25 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_861( +static KRML_MUSTINLINE tuple_230 sample_vector_cbd_then_ntt_out_3b1( uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + re_as_ntt[i] = ZERO_d6_8c();); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_831(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_3b1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_230 lit; memcpy( lit.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } 
@@ -8421,13 +8638,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { +static KRML_MUSTINLINE void add_to_ring_element_d6_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( - (size_t)16U, self->coefficients, + (size_t)16U, + /* The semicolon and parentheses at the end of loop are a + workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { 
@@ -8448,37 +8669,39 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { +static KRML_MUSTINLINE void compute_As_plus_e_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_as_ntt) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = matrix_A[i0]; + /* This may be externally provided memory. Ensure that `t_as_ntt` is all 0. 
+ */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = ZERO_d6_8c(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i1++) { size_t j = i1; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *matrix_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d1(&t_as_ntt[i0], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_1b(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_d6_8c(&t_as_ntt[i0], &error_as_ntt[i0]); } } 
@@ -8532,47 +8755,50 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_741( +static void generate_keypair_unpacked_1c1( Eurydice_slice key_generation_seed, - IndCpaPrivateKeyUnpacked_f8 *private_key, - IndCpaPublicKeyUnpacked_f8 *public_key) { + IndCpaPrivateKeyUnpacked_a0 *private_key, + IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + cpa_keygen_seed_d8_9c(/* (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for + ML-KEM */ + key_generation_seed, + hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae1(uu____1, ret, true); + libcrux_ml_kem_utils_into_padded_array_b6(seed_for_A, ret); + sample_matrix_A_2b1(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, - prf_input); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + libcrux_ml_kem_utils_into_padded_array_c8(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *uu____2 = private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_831(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_3b1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t 
copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input, domain_separator) .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_001(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compute_As_plus_e_1b(/* tˆ := Aˆ ◦ sˆ + eˆ */ public_key->t_as_ntt, + public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; - core_result_Result_00 dst; + core_result_Result_fb dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_26_b3(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } 
@@ -8588,18 +8814,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_15( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); - generate_keypair_unpacked_741(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_1b(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_1b(); + generate_keypair_unpacked_1c1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_eb1( - public_key.t_as_ntt, + serialize_public_key_6c( + /* pk := (Encode_12(tˆ mod^{+}q) || ρ) */ public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_8c1(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_89( + /* sk := Encode_12(sˆ mod^{+}q) */ private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8626,7 +8854,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_61( +static KRML_MUSTINLINE void serialize_kem_secret_key_d6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -8652,7 +8880,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_61( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c61(public_key, ret0); + H_f1_e0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8690,7 +8918,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f8(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8699,13 +8927,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_52(ind_cpa_keypair_randomness); + generate_keypair_15(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_61( + serialize_kem_secret_key_d6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -8713,14 +8941,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + libcrux_ml_kem_types_MlKemPrivateKey_d9 private_key = + libcrux_ml_kem_types_from_88_28(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_d9 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_74( + uu____2, libcrux_ml_kem_types_from_40_d0(copy_of_public_key)); } /** @@ -8733,7 +8961,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8751,9 +8979,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b3( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -8764,8 +8992,8 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_reduced_ring_element_8c(ring_element); deserialized_pk[i0] = uu____0; } } @@ -8782,11 +9010,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; +static KRML_MUSTINLINE tuple_230 +sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_19();); + error_1[i] = ZERO_d6_8c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -8798,22 +9026,22 @@ sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____1 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + tuple_230 lit; memcpy( lit.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); lit.snd = domain_separator; return lit; } @@ -8828,9 +9056,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_410(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_a6(input, ret); } /** 
@@ -8839,18 +9067,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_5f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { +static KRML_MUSTINLINE void invert_ntt_montgomery_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *re) { size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); + /* We only ever call this function after matrix/vector multiplication */ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT + + / (size_t)2U; + invert_ntt_at_layer_1_8c(&zeta_i, re); + invert_ntt_at_layer_2_8c(&zeta_i, re); + invert_ntt_at_layer_3_8c(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_8c(re); } /** 
@@ -8862,42 +9093,42 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_511( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; +static KRML_MUSTINLINE void compute_vector_u_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_d6_19();); + result[i] = ZERO_d6_8c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d[3U]); i0++) { size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - 
ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d1(&result[i1], &product); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_1b(&result[i1], &product); } - invert_ntt_montgomery_5f1(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); + invert_ntt_montgomery_1b(&result[i1]); + add_error_reduce_d6_8c(&result[i1], &error_1[i1]); } memcpy( ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -8909,19 +9140,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_161( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_ring_element_v_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_1b(&result, &product);); + invert_ntt_montgomery_1b(&result); + result = add_message_error_reduce_d6_8c(error_2, message, result); return result; } 
@@ -8937,23 +9168,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_2b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], +static void compress_then_serialize_u_43( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d), + libcrux_ml_kem_polynomial_PolynomialRingElement_1d); i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d re = input[i0]; + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(/* The semicolon and parentheses at the end of + loop are a workaround for the following bug + https://github.com/hacspec/hax/issues/720 */ + out, + i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * + ((size_t)960U / (size_t)3U), + uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_080(&re, ret); + compress_then_serialize_ring_element_u_fe(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } 
@@ -9018,59 +9255,68 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_2a1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_c8(/* for i from 0 to k−1 do r[i] := + CBD{η1}(PRF(r, N)) N := N + 1 end + for rˆ := NTT(r) */ + randomness, + prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; + tuple_230 uu____1 = + sample_vector_cbd_then_ntt_out_3b1(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; + /* for i from 0 to k−1 do e1[i] := CBD_{η2}(PRF(r,N)) N := N + 1 end for */ memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_af1(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; + tuple_230 uu____3 = + sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_1[3U]; memcpy( error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t domain_separator 
= uu____3.snd; - prf_input[32U] = domain_separator; + prf_input[32U] = /* e_2 := CBD{η2}(PRF(r, N)) */ domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_410(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d error_2 = + sample_from_binomial_distribution_a0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_511(public_key->A, r_as_ntt, error_1, u); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u[3U]; + compute_vector_u_1b(/* u := NTT^{-1}(AˆT ◦ rˆ) + e_1 */ public_key->A, + r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; + /* v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) */ memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_161(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message_as_ring_element = + deserialize_then_decompress_message_8c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + compute_ring_element_v_1b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____5[3U]; + /* c_1 := Encode_{du}(Compress_q(u,d_u)) */ memcpy( uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - 
compress_then_serialize_u_2b1( + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + compress_then_serialize_u_43( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( + /* c_2 := Encode_{dv}(Compress_q(v,d_v)) */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____6 = v; + compress_then_serialize_ring_element_v_ff0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -9094,25 +9340,30 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_2a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_1b1( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_1b(); + deserialize_ring_elements_reduced_b3( + Eurydice_slice_subslice_to(/* tˆ := Decode_12(pk) */ + public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = + Eurydice_slice_subslice_from(/* ρ := pk + 12·k·n / 8 for i from 0 to k−1 + do for j from 0 to k − 1 do AˆT[i][j] := + Parse(XOF(ρ, i, j)) end for end for */ + public_key, + (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d(*uu____0)[3U] = unpacked_public_key.A; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae1(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; + libcrux_ml_kem_utils_into_padded_array_b6(seed, ret0); + sample_matrix_A_2b1(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_e71(uu____1, copy_of_message, randomness, ret1); + encrypt_unpacked_2a1(uu____1, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } 
@@ -9127,7 +9378,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_a7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_d6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9154,27 +9405,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, +tuple_c2 libcrux_ml_kem_ind_cca_encapsulate_ca( + libcrux_ml_kem_types_MlKemPublicKey_30 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_b0( + entropy_preprocess_d8_9c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), - uint8_t), - ret); + H_f1_e0(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_d0(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -9182,25 +9433,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_d0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_ec(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_2a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_80(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_a7(shared_secret, shared_secret_array); + kdf_d8_d6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; + tuple_c2 lit; lit.fst = uu____5; memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; 
@@ -9215,12 +9466,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_1b( Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9231,13 +9482,13 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d uu____0 = + deserialize_to_uncompressed_ring_element_8c(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -9252,12 +9503,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_6c( uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_d6_19();); + u_as_ntt[i] = ZERO_d6_8c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9275,12 +9526,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0a(u_bytes); + ntt_vector_u_0a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); } /** 
@@ -9295,18 +9546,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_151( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1d +compute_message_1b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1d *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d result = ZERO_d6_8c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = subtract_reduce_d6_81(v, result); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d product = + ntt_multiply_d6_8c(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_1b(&result, &product);); + invert_ntt_montgomery_1b(&result); + result = subtract_reduce_d6_8c(v, result); return result; } 
@@ -9344,18 +9595,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_761(IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_4d1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_151(&v, secret_key->secret_as_ntt, u_as_ntt); +static void decrypt_unpacked_42(IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1d u_as_ntt[3U]; + deserialize_then_decompress_u_6c( + /* u := Decompress_q(Decode_{d_u}(c), d_u) */ ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d v = + deserialize_then_decompress_ring_element_v_d0( + Eurydice_array_to_subslice_from( + (size_t)1088U, + /* v := Decompress_q(Decode_{d_v}(c + d_u·k·n / 8), d_v) */ + ciphertext, (size_t)960U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d message = + compute_message_1b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_8c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -9369,21 +9623,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1d secret_as_ntt[3U]; + deserialize_secret_key_1b(/* sˆ := Decode_12(sk) */ secret_key, + secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1d copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); + IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1d)); uint8_t ret0[32U]; - decrypt_unpacked_761(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_42(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9397,8 +9652,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_41(Eurydice_slice input, uint8_t ret[32U]) { + PRF_9e(input, ret); } /** 
@@ -9423,8 +9678,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6a( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, +void libcrux_ml_kem_ind_cca_decapsulate_62( + libcrux_ml_kem_types_MlKemPrivateKey_d9 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), @@ -9441,9 +9696,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( + libcrux_ml_kem_utils_into_padded_array_24( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9451,7 +9706,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_e0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -9459,30 +9714,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_15(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_80(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_41(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_ec(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_2a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_a7(Eurydice_array_to_slice((size_t)32U, + kdf_d8_d6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_a7(shared_secret0, shared_secret); + kdf_d8_d6(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_80(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6355ccd91..6c8a5fc52 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 1977dc044..0067796f1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_sha3_H 
@@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e4(buf0, buf); + libcrux_sha3_portable_keccakx1_96(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e40(buf0, buf); + libcrux_sha3_portable_keccakx1_ad(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e41(buf0, buf); + libcrux_sha3_portable_keccakx1_ad0(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e42(buf0, buf); + libcrux_sha3_portable_keccakx1_1e(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e43(buf0, buf); + libcrux_sha3_portable_keccakx1_7c(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_e44(buf0, buf); + libcrux_sha3_portable_keccakx1_c6(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e8b21a2b6..985a3e318 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "internal/libcrux_sha3_avx2.h" @@ -46,14 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_21(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_76(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_21(b)); + return mm256_xor_si256(uu____0, rotate_left_76(b)); } /** @@ -77,7 +77,8 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { } static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = mm256_set1_epi64x((int64_t)c); + __m256i c0 = mm256_set1_epi64x( + (int64_t) /* Casting here is required, doesn't change the value. */ c); return mm256_xor_si256(a, c0); } @@ -175,9 +176,9 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_89_71(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_55 +new_89_a6(void) { + libcrux_sha3_generic_keccak_KeccakState_55 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); lit.st[0U][2U] = zero_ef(); 
@@ -211,7 +212,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_fe(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_5b(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -331,13 +332,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_d4(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_ef_5b(__m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_fe(uu____0, copy_of_b); + load_block_5b(uu____0, copy_of_b); } /** @@ -346,7 +347,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_210(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_02(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), mm256_srli_epi64((int32_t)28, x, __m256i)); } @@ -357,9 +358,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_13(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_02(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_210(ab); + return rotate_left_02(ab); } /** @@ -372,8 +373,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c(__m256i a, __m256i b) { - return _vxarq_u64_13(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_02(__m256i a, __m256i b) { + return _vxarq_u64_02(a, b); } /** 
@@ -382,7 +383,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_211(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_ac(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), mm256_srli_epi64((int32_t)61, x, __m256i)); } @@ -393,9 +394,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_130(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_ac(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_211(ab); + return rotate_left_ac(ab); } /** @@ -408,8 +409,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c0(__m256i a, __m256i b) { - return _vxarq_u64_130(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ac(__m256i a, __m256i b) { + return _vxarq_u64_ac(a, b); } /** @@ -418,7 +419,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_212(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_020(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), mm256_srli_epi64((int32_t)23, x, __m256i)); } @@ -429,9 +430,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_131(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_020(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_212(ab); + return rotate_left_020(ab); } /** @@ -444,8 +445,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c1(__m256i a, __m256i b) { - return _vxarq_u64_131(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_020(__m256i a, __m256i b) { + return _vxarq_u64_020(a, b); } /** 
@@ -454,7 +455,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_213(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_a9(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), mm256_srli_epi64((int32_t)46, x, __m256i)); } @@ -465,9 +466,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_132(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_a9(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_213(ab); + return rotate_left_a9(ab); } /** @@ -480,8 +481,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c2(__m256i a, __m256i b) { - return _vxarq_u64_132(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_a9(__m256i a, __m256i b) { + return _vxarq_u64_a9(a, b); } /** @@ -490,9 +491,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_133(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_76(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_21(ab); + return rotate_left_76(ab); } /** @@ -505,8 +506,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c3(__m256i a, __m256i b) { - return _vxarq_u64_133(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_76(__m256i a, __m256i b) { + return _vxarq_u64_76(a, b); } /** @@ -515,7 +516,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_214(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), mm256_srli_epi64((int32_t)20, x, __m256i)); } 
@@ -526,9 +527,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_134(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_58(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_214(ab); + return rotate_left_58(ab); } /** @@ -541,8 +542,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c4(__m256i a, __m256i b) { - return _vxarq_u64_134(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_58(__m256i a, __m256i b) { + return _vxarq_u64_58(a, b); } /** @@ -551,7 +552,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_215(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_e0(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), mm256_srli_epi64((int32_t)54, x, __m256i)); } @@ -562,9 +563,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_135(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_e0(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_215(ab); + return rotate_left_e0(ab); } /** @@ -577,8 +578,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c5(__m256i a, __m256i b) { - return _vxarq_u64_135(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_e0(__m256i a, __m256i b) { + return _vxarq_u64_e0(a, b); } /** @@ -587,7 +588,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_216(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_63(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), mm256_srli_epi64((int32_t)19, x, __m256i)); } 
@@ -598,9 +599,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_136(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_63(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_216(ab); + return rotate_left_63(ab); } /** @@ -613,8 +614,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c6(__m256i a, __m256i b) { - return _vxarq_u64_136(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_63(__m256i a, __m256i b) { + return _vxarq_u64_63(a, b); } /** @@ -623,7 +624,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_217(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_6a(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), mm256_srli_epi64((int32_t)62, x, __m256i)); } @@ -634,9 +635,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_137(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_6a(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_217(ab); + return rotate_left_6a(ab); } /** @@ -649,8 +650,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c7(__m256i a, __m256i b) { - return _vxarq_u64_137(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_6a(__m256i a, __m256i b) { + return _vxarq_u64_6a(a, b); } /** @@ -659,7 +660,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_218(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_ab(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), mm256_srli_epi64((int32_t)2, x, __m256i)); } 
@@ -670,9 +671,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_138(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_ab(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_218(ab); + return rotate_left_ab(ab); } /** @@ -685,8 +686,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c8(__m256i a, __m256i b) { - return _vxarq_u64_138(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ab(__m256i a, __m256i b) { + return _vxarq_u64_ab(a, b); } /** @@ -695,7 +696,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_219(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5b(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), mm256_srli_epi64((int32_t)58, x, __m256i)); } @@ -706,9 +707,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_139(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_5b(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_219(ab); + return rotate_left_5b(ab); } /** @@ -721,8 +722,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c9(__m256i a, __m256i b) { - return _vxarq_u64_139(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5b(__m256i a, __m256i b) { + return _vxarq_u64_5b(a, b); } /** @@ -731,7 +732,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_2110(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_6f(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), mm256_srli_epi64((int32_t)21, x, __m256i)); } 
@@ -742,9 +743,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1310(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_6f(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2110(ab); + return rotate_left_6f(ab); } /** @@ -757,8 +758,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c10(__m256i a, __m256i b) { - return _vxarq_u64_1310(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_6f(__m256i a, __m256i b) { + return _vxarq_u64_6f(a, b); } /** @@ -767,7 +768,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_2111(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_62(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), mm256_srli_epi64((int32_t)49, x, __m256i)); } @@ -778,9 +779,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1311(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_62(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2111(ab); + return rotate_left_62(ab); } /** @@ -793,8 +794,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c11(__m256i a, __m256i b) { - return _vxarq_u64_1311(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_62(__m256i a, __m256i b) { + return _vxarq_u64_62(a, b); } /** @@ -803,7 +804,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_2112(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_23(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), mm256_srli_epi64((int32_t)3, x, __m256i)); } 
@@ -814,9 +815,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1312(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_23(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2112(ab); + return rotate_left_23(ab); } /** @@ -829,8 +830,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c12(__m256i a, __m256i b) { - return _vxarq_u64_1312(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_23(__m256i a, __m256i b) { + return _vxarq_u64_23(a, b); } /** @@ -839,7 +840,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_2113(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_37(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), mm256_srli_epi64((int32_t)36, x, __m256i)); } @@ -850,9 +851,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1313(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_37(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2113(ab); + return rotate_left_37(ab); } /** @@ -865,8 +866,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c13(__m256i a, __m256i b) { - return _vxarq_u64_1313(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_37(__m256i a, __m256i b) { + return _vxarq_u64_37(a, b); } /** @@ -875,7 +876,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_2114(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_bb(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), mm256_srli_epi64((int32_t)9, x, __m256i)); } 
@@ -886,9 +887,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1314(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_bb(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2114(ab); + return rotate_left_bb(ab); } /** @@ -901,8 +902,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c14(__m256i a, __m256i b) { - return _vxarq_u64_1314(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_bb(__m256i a, __m256i b) { + return _vxarq_u64_bb(a, b); } /** @@ -911,7 +912,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_2115(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_b9(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), mm256_srli_epi64((int32_t)39, x, __m256i)); } @@ -922,9 +923,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1315(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_b9(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2115(ab); + return rotate_left_b9(ab); } /** @@ -937,8 +938,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c15(__m256i a, __m256i b) { - return _vxarq_u64_1315(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_b9(__m256i a, __m256i b) { + return _vxarq_u64_b9(a, b); } /** @@ -947,7 +948,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_2116(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_54(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), mm256_srli_epi64((int32_t)43, x, __m256i)); } 
@@ -958,9 +959,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1316(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_54(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2116(ab); + return rotate_left_54(ab); } /** @@ -973,8 +974,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c16(__m256i a, __m256i b) { - return _vxarq_u64_1316(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_54(__m256i a, __m256i b) { + return _vxarq_u64_54(a, b); } /** @@ -983,7 +984,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_2117(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_4c(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), mm256_srli_epi64((int32_t)8, x, __m256i)); } @@ -994,9 +995,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1317(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_4c(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2117(ab); + return rotate_left_4c(ab); } /** @@ -1009,8 +1010,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c17(__m256i a, __m256i b) { - return _vxarq_u64_1317(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_4c(__m256i a, __m256i b) { + return _vxarq_u64_4c(a, b); } /** @@ -1019,7 +1020,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_2118(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_ce(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), mm256_srli_epi64((int32_t)37, x, __m256i)); } 
@@ -1030,9 +1031,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1318(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_ce(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2118(ab); + return rotate_left_ce(ab); } /** @@ -1045,8 +1046,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c18(__m256i a, __m256i b) { - return _vxarq_u64_1318(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_ce(__m256i a, __m256i b) { + return _vxarq_u64_ce(a, b); } /** @@ -1055,7 +1056,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_2119(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_77(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), mm256_srli_epi64((int32_t)44, x, __m256i)); } @@ -1066,9 +1067,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1319(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_77(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2119(ab); + return rotate_left_77(ab); } /** @@ -1081,8 +1082,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c19(__m256i a, __m256i b) { - return _vxarq_u64_1319(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_77(__m256i a, __m256i b) { + return _vxarq_u64_77(a, b); } /** @@ -1091,7 +1092,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_2120(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_25(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), mm256_srli_epi64((int32_t)25, x, __m256i)); } 
@@ -1102,9 +1103,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1320(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_25(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2120(ab); + return rotate_left_25(ab); } /** @@ -1117,8 +1118,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c20(__m256i a, __m256i b) { - return _vxarq_u64_1320(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_25(__m256i a, __m256i b) { + return _vxarq_u64_25(a, b); } /** @@ -1127,7 +1128,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_2121(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_af(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), mm256_srli_epi64((int32_t)56, x, __m256i)); } @@ -1138,9 +1139,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1321(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_af(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2121(ab); + return rotate_left_af(ab); } /** @@ -1153,8 +1154,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c21(__m256i a, __m256i b) { - return _vxarq_u64_1321(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_af(__m256i a, __m256i b) { + return _vxarq_u64_af(a, b); } /** @@ -1163,7 +1164,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_2122(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_fd(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), mm256_srli_epi64((int32_t)50, x, __m256i)); } 
@@ -1174,9 +1175,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_1322(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_fd(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_2122(ab); + return rotate_left_fd(ab); } /** @@ -1189,8 +1190,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c22(__m256i a, __m256i b) { - return _vxarq_u64_1322(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_fd(__m256i a, __m256i b) { + return _vxarq_u64_fd(a, b); } /** @@ -1199,8 +1200,8 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_1b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { +static KRML_MUSTINLINE void theta_rho_a6( + libcrux_sha3_generic_keccak_KeccakState_55 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], 
@@ -1228,30 +1229,30 @@ static KRML_MUSTINLINE void theta_rho_1b( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_02(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_ac(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_020(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_a9(s->st[4U][0U], t[0U]); 
+ s->st[0U][1U] = xor_and_rotate_ef_76(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_58(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_e0(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_63(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_6a(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_ab(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_5b(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_6f(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_62(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_23(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_37(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_bb(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_b9(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_54(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_4c(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_ce(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_77(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_25(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_af(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_fd(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,8 +1262,8 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_70( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { +static KRML_MUSTINLINE void pi_a6( + libcrux_sha3_generic_keccak_KeccakState_55 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; @@ -1297,8 +1298,8 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_12( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { +static KRML_MUSTINLINE void chi_a6( + libcrux_sha3_generic_keccak_KeccakState_55 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( 
@@ -1315,8 +1316,8 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_fe( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { +static KRML_MUSTINLINE void iota_a6( + libcrux_sha3_generic_keccak_KeccakState_55 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); } @@ -1327,14 +1328,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_cd( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { +static KRML_MUSTINLINE void keccakf1600_a6( + libcrux_sha3_generic_keccak_KeccakState_55 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_1b(s); - pi_70(s); - chi_12(s); - iota_fe(s, i0); + theta_rho_a6(s); + pi_a6(s); + chi_a6(s); + iota_a6(s, i0); } } @@ -1345,13 +1346,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_32( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { +static KRML_MUSTINLINE void absorb_block_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_d4(uu____0, uu____1); - keccakf1600_cd(s); + load_block_ef_5b(uu____0, uu____1); + keccakf1600_a6(s); } /** 
@@ -1359,14 +1360,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_1d(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_5b(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_fe(s, buf); + load_block_5b(s, buf); } /** @@ -1378,13 +1379,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_e6(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_5b(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_1d(uu____0, copy_of_b); + load_block_full_5b(uu____0, copy_of_b); } /** @@ -1395,8 +1396,8 @@ with const generics - RATE= 136 - DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fb( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( @@ -1411,8 +1412,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_e6(uu____3, uu____4); - keccakf1600_cd(s); + load_block_full_ef_5b(uu____3, uu____4); + keccakf1600_a6(s); } /** 
@@ -1420,7 +1421,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_5b(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1430,13 +1431,13 @@ static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); + __m256i v1h = mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], @@ -1542,7 +1543,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_full_5b(__m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1553,7 +1554,7 @@ static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U], Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_78(s, buf); + store_block_5b(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); 
@@ -1580,9 +1581,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_d1(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_full_ef_5b(__m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_61(a, ret); + store_block_full_5b(a, ret); } /** @@ -1592,18 +1593,18 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a8( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { +static KRML_MUSTINLINE void squeeze_first_and_last_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_d1(s->st, b); + store_block_full_ef_5b(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t);); } @@ -1616,9 +1617,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_e3(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_5b(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_78(a, b); + store_block_5b(a, b); } /** @@ -1628,9 +1629,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_ca( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_e3(s->st, out); +static KRML_MUSTINLINE void squeeze_first_block_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { + store_block_ef_5b(s->st, out); } /** 
@@ -1640,10 +1641,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_66( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_cd(s); - store_block_ef_e3(s->st, out); +static KRML_MUSTINLINE void squeeze_next_block_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { + keccakf1600_a6(s); + store_block_ef_5b(s->st, out); } /** @@ -1653,19 +1654,19 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_fe( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_cd(&s); +static KRML_MUSTINLINE void squeeze_last_97( + libcrux_sha3_generic_keccak_KeccakState_55 s, Eurydice_slice out[4U]) { + keccakf1600_a6(&s); uint8_t b[4U][200U]; - store_block_full_ef_d1(s.st, b); + store_block_full_ef_5b(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t);); } 
@@ -1677,34 +1678,34 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_fb(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); + libcrux_sha3_generic_keccak_KeccakState_55 s = new_89_a6(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_55 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_32(uu____0, ret); + absorb_block_97(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_55 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fb(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a8(&s, out); + squeeze_first_and_last_97(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); 
@@ -1712,15 +1713,15 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_ca(&s, o0); - core_ops_range_Range_b3 iter = + squeeze_first_block_97(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -1730,12 +1731,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_66(&s, o); + squeeze_next_block_97(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_fe(s, o1); + squeeze_last_97(s, o1); } } } 
@@ -1747,17 +1748,26 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf0[4U] = { + /* XXX: These functions could alternatively implement the same with the + portable implementation #[cfg(feature = "simd128")] { keccakx2::<136, + 0x1fu8>([input0, input1], [out0, out1]); keccakx2::<136, + 0x1fu8>([input2, input3], [out2, out3]); } { keccakx1::<136, + 0x1fu8>([input0], [out0]); keccakx1::<136, 0x1fu8>([input1], [out1]); + keccakx1::<136, 0x1fu8>([input2], [out2]); keccakx1::<136, + 0x1fu8>([input3], [out3]); } */ + input0, + input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_b9(buf0, buf); + keccak_fb(buf0, buf); } /** Initialise the [`KeccakState`]. */ -libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_KeccakState_55 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_89_71(); + return new_89_a6(); } /** @@ -1765,8 +1775,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_fe0(__m256i (*s)[5U], - Eurydice_slice blocks[4U]) { +static KRML_MUSTINLINE void load_block_3a(__m256i (*s)[5U], + Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; __m256i v00 = mm256_loadu_si256_u8( 
@@ -1881,14 +1891,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_1d0(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_3a(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_fe0(s, buf); + load_block_3a(s, buf); } /** @@ -1900,13 +1910,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_e60(__m256i (*a)[5U], - uint8_t b[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_ef_3a(__m256i (*a)[5U], + uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_1d0(uu____0, copy_of_b); + load_block_full_3a(uu____0, copy_of_b); } /** @@ -1917,8 +1927,8 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_7f0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { +static KRML_MUSTINLINE void absorb_final_fb0( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( 
@@ -1933,18 +1943,18 @@ static KRML_MUSTINLINE void absorb_final_7f0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_e60(uu____3, uu____4); - keccakf1600_cd(s); + load_block_full_ef_3a(uu____3, uu____4); + keccakf1600_a6(s); } /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_7f0(s, buf); + absorb_final_fb0(s, buf); } /** @@ -1952,8 +1962,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U], - Eurydice_slice out[4U]) { +static KRML_MUSTINLINE void store_block_3a(__m256i (*s)[5U], + Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; __m256i v0l = mm256_permute2x128_si256( @@ -1962,13 +1972,13 @@ static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); + __m256i v1h = mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * /* 0 0 2 2 */ i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], 
@@ -2078,9 +2088,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_e30(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_780(a, b); +static KRML_MUSTINLINE void store_block_ef_3a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_3a(a, b); } /** @@ -2090,20 +2100,20 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_660( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_cd(s); - store_block_ef_e30(s->st, out); +static KRML_MUSTINLINE void squeeze_next_block_970( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { + keccakf1600_a6(s); + store_block_ef_3a(s->st, out); } /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_660(s, buf); + squeeze_next_block_970(s, buf); } /** @@ -2113,9 +2123,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_ca0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_e30(s->st, out); +static KRML_MUSTINLINE void squeeze_first_block_970( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { + store_block_ef_3a(s->st, out); } /** 
@@ -2125,33 +2135,33 @@ with const generics - N= 4 - RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); Eurydice_slice o0[4U]; memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_ca0(s, o0); + squeeze_first_block_970(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_660(s, o1); - squeeze_next_block_660(s, o2); + squeeze_next_block_970(s, o1); + squeeze_next_block_970(s, o2); } /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_97(s, buf); } /** 
@@ -2161,37 +2171,37 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { +static KRML_MUSTINLINE void squeeze_first_five_blocks_97( + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); Eurydice_slice o0[4U]; memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_ca0(s, o0); + squeeze_first_block_970(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_660(s, o1); + squeeze_next_block_970(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_660(s, o2); + squeeze_next_block_970(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_660(s, o3); - squeeze_next_block_660(s, o4); + squeeze_next_block_970(s, o3); + squeeze_next_block_970(s, o4); } /** 
@@ -2199,20 +2209,20 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_0b(s, buf); + squeeze_first_five_blocks_97(s, buf); } /** Absorb */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); + libcrux_sha3_generic_keccak_absorb_final_fb(s, buf); } /** @@ -2220,10 +2230,10 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_ca(s, buf); + squeeze_first_block_97(s, buf); } /** @@ -2231,8 +2241,8 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_66(s, buf); + squeeze_next_block_97(s, buf); } 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 667db43e5..012c7aa83 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_sha3_avx2_H @@ -29,9 +29,9 @@ with types core_core_arch_x86___m256i with const generics - $4size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { +typedef struct libcrux_sha3_generic_keccak_KeccakState_55_s { __m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; +} libcrux_sha3_generic_keccak_KeccakState_55; /** Perform 4 SHAKE256 operations in parallel 
@@ -44,56 +44,56 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, /** Initialise the [`KeccakState`]. */ -libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_KeccakState_55 libcrux_sha3_avx2_x4_incremental_init(void); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice 
out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze next block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_55 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index bfee55ebe..c184810dc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_76(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_76(b); } /** 
@@ -183,9 +183,9 @@ with types uint64_t with const generics - $1size_t */ -typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { +typedef struct libcrux_sha3_generic_keccak_KeccakState_17_s { uint64_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_48; +} libcrux_sha3_generic_keccak_KeccakState_17; /** Create a new Shake128 x4 state. @@ -200,9 +200,9 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_89_cf(void) { - libcrux_sha3_generic_keccak_KeccakState_48 lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_17 +libcrux_sha3_generic_keccak_new_89_04(void) { + libcrux_sha3_generic_keccak_KeccakState_17 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][2U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,18 +236,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_3a( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_26_68(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_3a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_65(s, buf); + libcrux_sha3_portable_keccak_load_block_3a(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_3a( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_3a(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_02(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_02(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d60(ab); + return libcrux_sha3_portable_keccak_rotate_left_02(ab); } /** 
@@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_02(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_ac(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d61(ab); + return libcrux_sha3_portable_keccak_rotate_left_ac(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_020(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } 
@@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_020(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d62(ab); + return libcrux_sha3_portable_keccak_rotate_left_020(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_020(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_a9(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_a9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d63(ab); + return libcrux_sha3_portable_keccak_rotate_left_a9(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_a9(a, b); } /** 
@@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_76(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d6(ab); + return libcrux_sha3_portable_keccak_rotate_left_76(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_76(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_58(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_58(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d64(ab); + return libcrux_sha3_portable_keccak_rotate_left_58(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_58(a, b); } /** 
@@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_e0(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d65(ab); + return libcrux_sha3_portable_keccak_rotate_left_e0(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_e0(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_63(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_63(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d66(ab); + return libcrux_sha3_portable_keccak_rotate_left_63(ab); } /** 
@@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_63(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_6a(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6a(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d67(ab); + return libcrux_sha3_portable_keccak_rotate_left_6a(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6a(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_ab(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } 
@@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ab(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d68(ab); + return libcrux_sha3_portable_keccak_rotate_left_ab(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ab(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_5b(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_5b(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d69(ab); + return libcrux_sha3_portable_keccak_rotate_left_5b(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_5b(a, b); } /** 
@@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_6f(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6f(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d610(ab); + return libcrux_sha3_portable_keccak_rotate_left_6f(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6f(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_62(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_62(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d611(ab); + return libcrux_sha3_portable_keccak_rotate_left_62(ab); } /** 
@@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_62(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_23(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_23(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d612(ab); + return libcrux_sha3_portable_keccak_rotate_left_23(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_23(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_37(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } 
@@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_37(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d613(ab); + return libcrux_sha3_portable_keccak_rotate_left_37(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_37(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_bb(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_bb(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d614(ab); + return libcrux_sha3_portable_keccak_rotate_left_bb(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_bb(a, b); } /** 
@@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_b9(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_b9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d615(ab); + return libcrux_sha3_portable_keccak_rotate_left_b9(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_b9(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_54(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_54(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d616(ab); + return libcrux_sha3_portable_keccak_rotate_left_54(ab); } /** 
@@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_54(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_4c(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4c(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d617(ab); + return libcrux_sha3_portable_keccak_rotate_left_4c(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4c(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_ce(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } 
@@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ce(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d618(ab); + return libcrux_sha3_portable_keccak_rotate_left_ce(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ce(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_77(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_77(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d619(ab); + return libcrux_sha3_portable_keccak_rotate_left_77(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_77(a, b); } /** 
@@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_25(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_25(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d620(ab); + return libcrux_sha3_portable_keccak_rotate_left_25(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_25(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_af(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_af(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d621(ab); + return libcrux_sha3_portable_keccak_rotate_left_af(ab); } /** 
@@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_af(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fd(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_fd(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_d622(ab); + return libcrux_sha3_portable_keccak_rotate_left_fd(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_fd(a, b); } /** @@ -1192,8 +1192,8 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_04( + libcrux_sha3_generic_keccak_KeccakState_17 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], 
@@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_02(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_ac(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_020(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_a9(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_76(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_58(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_e0(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_63(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6a(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_ab(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(s->st[1U][2U], t[2U]); + 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_5b(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6f(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_62(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_23(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_37(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b9(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_54(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_4c(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_ce(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_77(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_25(s->st[2U][4U], t[4U]); s->st[3U][4U] = - 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_af(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_fd(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,8 +1284,8 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_04( + libcrux_sha3_generic_keccak_KeccakState_17 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); s->st[0U][1U] = old[1U][1U]; @@ -1320,8 +1320,8 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_04( + libcrux_sha3_generic_keccak_KeccakState_17 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); KRML_MAYBE_FOR5( @@ -1338,8 +1338,8 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( - libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_04( + libcrux_sha3_generic_keccak_KeccakState_17 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); } 
@@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_04( + libcrux_sha3_generic_keccak_KeccakState_17 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_a7(s); - libcrux_sha3_generic_keccak_pi_d5(s); - libcrux_sha3_generic_keccak_chi_3e(s); - libcrux_sha3_generic_keccak_iota_00(s, i0); + libcrux_sha3_generic_keccak_theta_rho_04(s); + libcrux_sha3_generic_keccak_pi_04(s); + libcrux_sha3_generic_keccak_chi_04(s); + libcrux_sha3_generic_keccak_iota_04(s, i0); } } @@ -1369,8 +1369,8 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_3a(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** 
@@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3a( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_3a( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_9b(a, b); + libcrux_sha3_portable_keccak_store_block_3a(a, b); } /** @@ -1431,10 +1431,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(s); + libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out); } /** @@ -1444,9 +1444,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_3a(s->st, out); } /** 
@@ -1454,18 +1454,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5b( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_26_68(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5b( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_650(s, buf); + libcrux_sha3_portable_keccak_load_block_5b(s, buf); } /** 
@@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_5b( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_5b(uu____0, copy_of_b); } /** @@ -1511,8 +1511,8 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e0( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5b( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_5b( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_9b0(a, b); + libcrux_sha3_portable_keccak_store_block_5b(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c60( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c60( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(s); + libcrux_sha3_portable_keccak_store_block_5a_5b(s->st, out); } /** 
@@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_5b( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_5b(uu____0, copy_of_b); } /** @@ -1618,13 +1618,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_3a( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_3a(uu____0, copy_of_b); } /** 
@@ -1634,13 +1634,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c63( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_5a_3a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -1648,12 +1648,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_3a( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_9b(s, buf); + libcrux_sha3_portable_keccak_store_block_3a(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1669,10 +1669,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 168 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_3a( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_3a(a, ret); } /** 
@@ -1683,21 +1682,21 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_883( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_c63( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_3a(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } @@ -1709,22 +1708,22 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c63( + libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_3a(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } 
@@ -1737,36 +1736,36 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c63(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c63(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1774,15 +1773,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c6(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -1792,12 +1791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c6(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c63(s, o1); } } } 
@@ -1808,12 +1807,13 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_c6( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e4(copy_of_data, out); } /** @@ -1821,18 +1821,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_7a( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_26_68(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -1849,13 +1849,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_7a( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_7a(uu____0, copy_of_b); } /** @@ -1865,13 +1865,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c62( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_5a_7a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -1879,11 +1879,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_653(s, buf); + libcrux_sha3_portable_keccak_load_block_7a(s, buf); } /** 
@@ -1895,13 +1895,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_7a( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1912,8 +1912,8 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e4( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -1931,8 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_7a(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -1940,7 +1940,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_7a( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1958,12 +1958,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7a( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_9b3(s, buf); + libcrux_sha3_portable_keccak_store_block_7a(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1979,10 +1979,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_7a( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_7a(a, ret); } /** 
@@ -1993,21 +1992,21 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_882( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_c62( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_7a(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } @@ -2021,9 +2020,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7a( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_9b3(a, b); + libcrux_sha3_portable_keccak_store_block_7a(a, b); } /** @@ -2033,9 +2032,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c63( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out); } /** 
@@ -2045,10 +2044,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c63( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(s); + libcrux_sha3_portable_keccak_store_block_5a_7a(s->st, out); } /** @@ -2058,22 +2057,22 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c62( + libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_7a(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } 
@@ -2086,36 +2085,36 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c62(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e4(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c62(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2123,15 +2122,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c63(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -2141,12 +2140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c63(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c62(s, o1); } } } 
@@ -2157,12 +2156,13 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_7c( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e3(copy_of_data, out); } /** @@ -2170,18 +2170,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_26_68(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -2198,13 +2198,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_2c( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); } /** @@ -2214,13 +2214,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c61( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_5a_2c(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -2228,11 +2228,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_2c( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_652(s, buf); + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** 
@@ -2244,13 +2244,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_2c(uu____0, copy_of_b); } /** @@ -2261,8 +2261,8 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e3( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -2280,8 +2280,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -2289,7 +2289,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_2c( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2307,12 +2307,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2c( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_9b2(s, buf); + libcrux_sha3_portable_keccak_store_block_2c(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2328,10 +2328,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_2c( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_2c(a, ret); } /** 
@@ -2342,21 +2341,21 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_881( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_c61( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_2c(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } @@ -2370,9 +2369,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_2c( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_9b2(a, b); + libcrux_sha3_portable_keccak_store_block_2c(a, b); } /** @@ -2382,9 +2381,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c62( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out); } /** 
@@ -2394,10 +2393,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c62( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(s); + libcrux_sha3_portable_keccak_store_block_5a_2c(s->st, out); } /** @@ -2407,22 +2406,22 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c61( + libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_2c(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } 
@@ -2435,36 +2434,36 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c61(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c61(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2472,15 +2471,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c62(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -2490,12 +2489,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c62(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c61(s, o1); } } } 
@@ -2506,12 +2505,13 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_1e( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e2(copy_of_data, out); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c60( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_5a_5b(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** 
@@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5b( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_9b0(s, buf); + libcrux_sha3_portable_keccak_store_block_5b(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2556,10 +2556,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 136 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_5b( + uint64_t (*a)[5U], uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_5b(a, ret); } /** 
@@ -2570,21 +2569,21 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_880( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_c60( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_5b(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } @@ -2596,22 +2595,22 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c60( + libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_5b(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } 
@@ -2624,36 +2623,36 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e0(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,15 +2660,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -2679,12 +2678,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1); } } } 
@@ -2695,12 +2694,13 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e1(copy_of_data, out); } /** @@ -2711,8 +2711,8 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e2( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_5b(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** 
@@ -2742,36 +2742,36 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c60(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e2(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c60(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,15 +2779,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c60(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c60(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c60(s, o1); } } } 
@@ -2813,12 +2813,13 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ad( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e0(copy_of_data, out); } /** @@ -2826,18 +2827,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_f8( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + core_result_Result_15 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_26_68(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -2854,13 +2855,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_f8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_f8(uu____0, copy_of_b); } /** @@ -2870,13 +2871,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_5a_f8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -2884,11 +2885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_f8( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_651(s, buf); + libcrux_sha3_portable_keccak_load_block_f8(s, buf); } /** 
@@ -2900,13 +2901,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_f8( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_f8(uu____0, copy_of_b); } /** @@ -2917,8 +2918,8 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9e1( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -2936,8 +2937,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_b8(s); + libcrux_sha3_portable_keccak_load_block_full_5a_f8(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_04(s); } /** @@ -2945,7 +2946,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_f8( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2963,12 +2964,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_f8( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_9b1(s, buf); + libcrux_sha3_portable_keccak_store_block_f8(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2985,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_f8( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); + libcrux_sha3_portable_keccak_store_block_full_f8(a, ret); } /** 
@@ -2997,21 +2998,21 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_88( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_c6( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_f8(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } @@ -3025,9 +3026,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_f8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_9b1(a, b); + libcrux_sha3_portable_keccak_store_block_f8(a, b); } /** @@ -3037,9 +3038,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_c61( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out); } /** 
@@ -3049,10 +3050,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c61( + libcrux_sha3_generic_keccak_KeccakState_17 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(s); + libcrux_sha3_portable_keccak_store_block_5a_f8(s->st, out); } /** @@ -3062,22 +3063,22 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(&s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c6( + libcrux_sha3_generic_keccak_KeccakState_17 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_04(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_f8(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; - core_ops_range_Range_b3 lit; + core_ops_range_Range_08 lit; lit.start = (size_t)0U; lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), + core_ops_range_Range_08), uint8_t); } } 
@@ -3090,36 +3091,36 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9e( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_KeccakState_17 s = + libcrux_sha3_generic_keccak_new_89_04(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_c6(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + libcrux_sha3_generic_keccak_KeccakState_17 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_9e1(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c6(&s, out); } else { 
Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,15 +3128,15 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); - core_ops_range_Range_b3 iter = + libcrux_sha3_generic_keccak_squeeze_first_block_c61(&s, o0); + core_ops_range_Range_08 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + (CLITERAL(core_ops_range_Range_08){.start = (size_t)1U, .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); + core_ops_range_Range_08, core_ops_range_Range_08); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3) + &iter, size_t, core_option_Option_08) .tag == core_option_None) { break; } else { @@ -3145,12 +3146,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c61(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c6(s, o1); } } } 
@@ -3161,12 +3162,13 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_96( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; + /* generic_keccak::keccak_xof::<1, u64, RATE, DELIM>(data, out); or */ memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_9e(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8cafd81d2..300a85606 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #include "libcrux_sha3_neon.h" @@ -62,6 +62,7 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1) { + /* TODO: make argument ordering consistent */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); 
@@ -72,6 +73,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, */ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_init(void) { + /* XXX: These functions could alternatively implement the same with the + * portable implementation { let s0 = KeccakState::new(); let s1 = + * KeccakState::new(); [s0, s1] } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -83,6 +87,10 @@ libcrux_sha3_neon_x2_incremental_init(void) { KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { + /* XXX: These functions could alternatively implement the same with the + * portable implementation { let [mut s0, mut s1] = s; + * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, + * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -96,6 +104,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { + /* XXX: These functions could alternatively implement the same with the + * portable implementation { let [mut s0, mut s1] = s; + * shake128_squeeze_first_three_blocks(&mut s0, out0); + * shake128_squeeze_first_three_blocks(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); 
@@ -109,6 +121,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { + /* XXX: These functions could alternatively implement the same with the + * portable implementation { let [mut s0, mut s1] = s; + * shake128_squeeze_next_block(&mut s0, out0); + * shake128_squeeze_next_block(&mut s1, out1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -132,6 +148,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_five_blocks( KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { + /* XXX: These functions could alternatively implement the same with the + * portable implementation { let [mut s0, mut s1] = s; + * shake128_absorb_final(&mut s0, data0); shake128_absorb_final(&mut s1, + * data1); } */ KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index cfd01b11c..3bf094f3c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: ddc85907bc75d00e61ada9fae3ee6f784b08df70 + * Karamel: 8c3612018c25889288da6857771be3ad03b75bcd + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 8c057443a69fbbb7d010dd1552a4ca4b8a622682 */ #ifndef __libcrux_sha3_neon_H @@ -51,7 +51,7 @@ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; + libcrux_sha3_generic_keccak_KeccakState_17 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; /** diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 08e55ac47..54dac31f3 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -26,9 +26,9 @@ files: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - - [libcrux_sha3, generic_keccak, KeccakState_29] - - [libcrux_sha3, generic_keccak, absorb_final_7f ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] + - [libcrux_sha3, generic_keccak, KeccakState_55] + - [libcrux_sha3, generic_keccak, absorb_final_fb ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_97 ] monomorphizations_of: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] 
@@ -59,11 +59,11 @@ files:
 monomorphizations_exact:
 - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ]
 - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768PublicKeyUnpacked ]
- - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ]
- - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ]
- - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ]
- - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ]
- - [ libcrux_ml_kem, polynomial, PolynomialRingElement_d2 ]
+ - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_63 ]
+ - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_63 ]
+ - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_63 ]
+ - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_63 ]
+ - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f6 ]
 - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ]
 
 - name: libcrux_mlkem768_portable_types
@@ -72,11 +72,15 @@ files:
 monomorphizations_exact:
 - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ]
 - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768PublicKeyUnpacked ]
- - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_f8 ]
- - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_f8 ]
- - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_f8 ]
- - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_f8 ]
- - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f0 ]
+ - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ]
+ - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ]
+ - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ]
+ - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ]
+ - [ libcrux_ml_kem, polynomial, PolynomialRingElement_1d ]
+ # These three are probably useless
+ - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f8 ]
+ - [ libcrux_ml_kem, polynomial, PolynomialRingElement_2c ]
+ - [ libcrux_ml_kem, polynomial, PolynomialRingElement_7a ]
 - [ libcrux_ml_kem, vector, portable, vector_type, PortableVector ]
 
 # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS
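Review bot: The three `PolynomialRingElement_f8`/`_2c`/`_7a` entries are added under `# These three are probably useless`, which tells the next maintainer neither what they are nor how to find out, and every extra pin here has to be re-derived at each hash churn. Either confirm they are unreferenced by the generated `libcrux_mlkem768_portable_types` header and drop them in this commit, or replace the comment with one that records the open question and the check, e.g. `# TODO(<owner>): PolynomialRingElement_f8/_2c/_7a appear in the hash dump but no portable API seems to use them; confirm against the generated portable types header and remove if unused.` If the generator errors on an exact pin that matches nothing, a stale "probably useless" entry will also be the first thing to break header generation on the next regeneration, which is another reason to resolve it now.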
