From 1def0c1d8e4bff654617de6e722bc9ffb17fd1f3 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Tue, 27 Aug 2024 12:31:31 +0000 Subject: [PATCH] Update C extraction --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 3 + libcrux-ml-kem/c/internal/libcrux_core.h | 26 +- .../c/internal/libcrux_mlkem_avx2.h | 98 ++- .../c/internal/libcrux_mlkem_portable.h | 98 ++- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_core.c | 26 +- libcrux-ml-kem/c/libcrux_core.h | 38 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 23 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 649 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 577 +++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 10 +- libcrux-ml-kem/cg/libcrux_core.h | 42 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 390 ++++++----- 
libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 309 +++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 8 +- 42 files changed, 1808 insertions(+), 1148 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index c92c5be17..a05120b5f 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 +Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e +Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe +Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..5138fcdc5 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -95,6 +95,9 @@ typedef struct { #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3f6e7498f..47916d827 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
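Review bot: The new `core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq` macro in eurydice_glue.h forwards `a2` to `Eurydice_array_eq` unchanged, exactly as the array-to-array macro above it does, although its name says the right-hand operand is a slice. `Eurydice_array_eq` is defined outside this hunk; if it compares `sz * sizeof(t)` bytes starting at `a2`, a caller that passes an `Eurydice_slice` (or a pointer to one) would be compared against the slice descriptor rather than the bytes it refers to, and the slice length is never checked against `sz`. This macro presumably backs the hash comparison in the `validate_private_key` functions this commit adds, so a wrong operand would make that check meaningless; please confirm the argument shape at the call sites. If a slice pointer is what arrives, forward its data pointer instead, e.g. `Eurydice_array_eq(sz, a1, (a2)->ptr, t, _)` (assuming the slice's data field is `ptr`), and consider asserting that the slice length equals `sz`.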
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_core_H @@ -110,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -200,7 +200,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( uint8_t value[1088U]); /** 
@@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -313,7 +313,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( uint8_t value[768U]); /** @@ -327,7 +327,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -361,7 +361,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0507dbaaf..4395b781f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -33,6 +33,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -43,6 +50,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); + /** Packed API 
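Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_1d1` cites two different sections: the hash check is given as "7.3 3", but the next sentence says the secret-key and ciphertext size checks are "7.2 1 and 2", which is the section the public-key comment in the same header uses for its own checks. That second reference looks like a typo for 7.3; I would change it to `Note that the size checks in 7.3 1 and 2 are covered by the ...`. The parameter is also named `_ciphertext`, which suggests its contents are never read; the function body is outside this hunk, so this is an inference, but if it holds the comment should say that only the type-level size is relied on. The same comment repeats on the K=4 and K=2 declarations later in this header and on the three declarations in internal/libcrux_mlkem_portable.h. Since these files are extracted, the wording should be fixed in the Rust doc comment and re-extracted.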
@@ -86,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -112,10 +138,17 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_141( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -126,6 +159,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + /** Packed API @@ -169,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); 
@@ -195,10 +247,17 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_140( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -209,6 +268,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); + /** Packed API @@ -252,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -278,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index a9b732317..6b9f00302 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -38,6 +38,13 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -48,6 +55,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_77( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + /** Packed API @@ -91,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -117,10 +143,17 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_d61( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -131,6 +164,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_09( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); + /** Packed API @@ -174,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -200,10 +252,17 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_d60( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -214,6 +273,25 @@ with const generics */ bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); + /** Packed API @@ -257,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -283,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e87fcff90..2a0a2f146 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 34d3839a2..d168b015c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index cf2942eaf..e692d991f 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_core.h" @@ -149,7 +149,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_a91( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_e91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f11( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -184,7 +184,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a61( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f11( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } 
@@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_a90( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_e90( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f10( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a60( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f10( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -420,7 +420,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_a9( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_e9( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -441,7 +441,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_5c( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_a6( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } 
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d284f5255..898336a1f 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_core_H @@ -63,16 +63,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { uint8_t value[1568U]; } libcrux_ml_kem_types_MlKemPublicKey_1f; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - -*/ -typedef struct core_option_Option_99_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; -} core_option_Option_99; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics @@ -111,16 +101,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { uint8_t value[1184U]; } libcrux_ml_kem_types_MlKemPublicKey_15; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics 
@@ -159,16 +139,6 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { uint8_t value[800U]; } libcrux_ml_kem_types_MlKemPublicKey_be; -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey with const generics diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7a7138a01..b812fa7fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 6bd395b40..e8924b16a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c1( +static void decapsulate_18( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_420(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_140(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c1(private_key, ciphertext, ret); + decapsulate_18(private_key, ciphertext, ret); } /** 
@@ -76,14 +76,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_67( +static tuple_21 encapsulate_63( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_960(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_67(uu____0, copy_of_randomness); + return encapsulate_63(uu____0, copy_of_randomness); } /** @@ -117,7 +117,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_39( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; 
@@ -133,7 +133,36 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e(copy_of_randomness); + return generate_keypair_39(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE bool validate_private_key_210( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d0(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return validate_private_key_210(private_key, ciphertext); } /** 
@@ -147,23 +176,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_320(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c00(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a0(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_320(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { + return validate_public_key_c00(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index c428d45b7..7c9befdda 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_avx2_H 
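Review bot: In the `libcrux_ml_kem_mlkem1024_avx2_validate_public_key` hunk the doc comment does not state the new caller contract that follows from returning `bool` and taking the key by pointer. The old `core_option_Option_99` return handed the key back only in the `core_option_Some` arm, whereas with `bool` a caller can ignore the result and keep using the same key object, and `public_key->value` is now dereferenced with no NULL check. I would extend the comment with `public_key must not be NULL. The caller must check the result and must not use a key for which this returns false.` The same applies to the mlkem1024 portable and the mlkem512/mlkem768 variants changed later in this patch and to their header declarations. Since the C is generated, the text belongs in the Rust doc comment it is extracted from.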
@@ -49,13 +49,22 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); +bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 50124a101..a068e4ff5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem1024_portable.h" 
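Review bot: The new declaration `libcrux_ml_kem_mlkem1024_avx2_validate_private_key` takes a `ciphertext` argument, but its comment says only "Validate a private key", so a reader of the header cannot tell which property of the key is checked or what the ciphertext is for. The implementation hunk only forwards both pointers to `libcrux_ml_kem_ind_cca_validate_private_key_1d0`, whose body is not part of this section, so the semantics cannot be read off from here. Please document whether the ciphertext contents are read or the parameter only fixes the expected size, add `Both pointers must be non-NULL.`, and say that a `false` result means the key must not be passed to decapsulation (if that is the intent). The identical comment is added to the mlkem1024 portable, mlkem512 avx2/portable and mlkem768 avx2 headers in this patch, and the fix belongs in the Rust doc comment these headers are generated from.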
@@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_b6( +static void decapsulate_58( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d61(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b6(private_key, ciphertext, ret); + decapsulate_58(private_key, ciphertext, ret); } /** @@ -76,14 +76,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_40( +static tuple_21 encapsulate_f0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b1(uu____0, copy_of_randomness); } /** @@ -100,7 +100,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_40(uu____0, copy_of_randomness); + return encapsulate_f0(uu____0, copy_of_randomness); } /** 
@@ -137,6 +137,35 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_12(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba1( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_77(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { + return validate_private_key_ba1(private_key, ciphertext); +} + /** Portable public key validation */ 
@@ -148,23 +177,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_f71(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f71(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_f71(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { + return validate_public_key_f71(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 682534bbb..095ac9ec3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem1024_portable_H 
@@ -49,13 +49,22 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); +bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 0bd6bf2eb..19648a439 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9a861af2f..5b247c835 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_42(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_14(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_d3(private_key, ciphertext, ret); } /** 
@@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_6d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_96(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, copy_of_randomness); + return encapsulate_6d(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_04( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; 
@@ -131,7 +131,36 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9f(copy_of_randomness); + return generate_keypair_04(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE bool validate_private_key_21( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return validate_private_key_21(private_key, ciphertext); } /** 
@@ -145,23 +174,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_32(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_32(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { + return validate_public_key_c0(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 51620676c..c3af6203f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_avx2_H 
@@ -49,13 +49,22 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); +bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index da66678c6..2b478f0a7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem512_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d60(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_cf(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_cf(private_key, ciphertext, ret); + decapsulate_f1(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_2b( +static tuple_ec encapsulate_3e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b0(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_2b(uu____0, copy_of_randomness); + return encapsulate_3e(uu____0, copy_of_randomness); } /** 
@@ -135,6 +135,35 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_48(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_09(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { + return validate_private_key_ba0(private_key, ciphertext); +} + /** Portable public key validation */ 
@@ -146,23 +175,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_f70(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f70(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_f70(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { + return validate_public_key_f70(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 697c65cd3..102df0f72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem512_portable_H 
@@ -49,13 +49,22 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem512_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); +bool libcrux_ml_kem_mlkem512_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a4aba4d66..9ec71c62d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ef03c9787..214e6cc6d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ba( +static void decapsulate_74( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_421(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_141(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ba( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ba(private_key, ciphertext, ret); + decapsulate_74(private_key, ciphertext, ret); } /** 
@@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_8a( +static tuple_3c encapsulate_0a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_d21(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_961(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8a(uu____0, copy_of_randomness); + return encapsulate_0a(uu____0, copy_of_randomness); } /** @@ -115,7 +115,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_68( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_cb( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; 
@@ -131,7 +131,36 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_68(copy_of_randomness); + return generate_keypair_cb(copy_of_randomness); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool validate_private_key_211( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_1d1(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return validate_private_key_211(private_key, ciphertext); } /** 
@@ -145,23 +174,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_321(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_c01(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_0a1(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_321(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return validate_public_key_c01(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 813dfefb0..2b8e8edc2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_avx2_H 
@@ -49,13 +49,22 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); +bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index eeb4a3abb..d14d8d969 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_mlkem768_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_69( +static void decapsulate_22( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_fd(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d6(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_69( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_22(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_43( +static tuple_3c encapsulate_cf( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_0b(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_43(uu____0, copy_of_randomness); + return encapsulate_cf(uu____0, copy_of_randomness); } /** 
@@ -135,6 +135,35 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_d5(copy_of_randomness); } +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool validate_private_key_ba( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_80(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return validate_private_key_ba(private_key, ciphertext); +} + /** Portable public key validation */ 
@@ -146,23 +175,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_f7(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f7(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_f7(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; +bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return validate_public_key_f7(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ee82d1370..8283abfb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_portable_H 
@@ -49,13 +49,22 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext); + /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); +bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 03a7b6c5c..2b1bf517c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_mlkem_avx2.h" 
@@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_38(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_72(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_4d(__m256i vector) { - return shift_right_38(vector); +static __m256i shift_right_ea_1b(__m256i vector) { + return shift_right_72(vector); } /** @@ -1150,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_10(__m256i a) { - __m256i t = shift_right_ea_4d(a); + __m256i t = shift_right_ea_1b(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1242,6 +1242,13 @@ static KRML_MUSTINLINE void serialize_public_key_591( memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1267,6 +1274,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a1(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_a9_a11(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} 
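Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_1d1` places the hash check in "7.3 3" but attributes the size checks to "7.2 1 and 2", the section the public-key comment in the previous hunk uses for the encapsulation-key checks. This looks like a typo, and the line should presumably read `Note that the size checks in 7.3 1 and 2 are covered by the SECRET_KEY_SIZE and CIPHERTEXT_SIZE ...`. The `_ciphertext` argument is never read in the body: the function only hashes `private_key->value` from offset 1152 to 2336 and compares the result with the 32 bytes stored after it. The comment here, and the `validate_private_key` doc comments added to the mlkem768 avx2 and portable headers and to the portable wrapper, should state that the ciphertext is checked by its type alone, so a `true` result says nothing about the ciphertext contents. Since the file header marks this code as generated, both wording fixes presumably belong in the Rust source that the extraction runs from.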
@@ -2408,19 +2458,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fd1( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -2596,7 +2633,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_d71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_791(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_e4();); @@ -2664,7 +2701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_64( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2688,7 +2725,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_c0( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_80( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2708,7 +2745,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_da( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_c5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2726,7 +2763,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_19(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_b9(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2741,7 +2778,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ce( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2756,7 +2793,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ad( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_19( + inv_ntt_layer_int_vec_step_reduce_b9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2773,17 +2810,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_781( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -2797,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_da( +static KRML_MUSTINLINE void add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2821,7 +2858,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7c1( +static KRML_MUSTINLINE void compute_vector_u_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -2851,8 +2888,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c1( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c1(&result[i1], &product); } - invert_ntt_montgomery_781(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d1(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2865,7 +2902,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_5d(__m256i v) { +static __m256i decompress_1_53(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -2879,7 +2916,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_53(uint8_t serialized[32U]) { +deserialize_then_decompress_message_71(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -2888,7 +2925,7 @@ deserialize_then_decompress_message_53(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_5d(coefficient_compressed);); + re.coefficients[i0] = decompress_1_53(coefficient_compressed);); return re; } @@ -2903,7 +2940,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_f9( +add_message_error_reduce_89_57( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { 
@@ -2933,7 +2970,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_391( +compute_ring_element_v_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -2943,8 +2980,8 @@ compute_ring_element_v_391( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d1(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -2955,7 +2992,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_34(__m256i vector) { +compress_ciphertext_coefficient_0d(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3002,8 +3039,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_77(__m256i vector) { - return compress_ciphertext_coefficient_34(vector); +static __m256i compress_ea_dc(__m256i vector) { + return compress_ciphertext_coefficient_0d(vector); } /** 
@@ -3012,14 +3049,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_c6( +static KRML_MUSTINLINE void compress_then_serialize_10_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_77(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_dc(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3037,7 +3074,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_340(__m256i vector) { +compress_ciphertext_coefficient_0d0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3084,8 +3121,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_770(__m256i vector) { - return compress_ciphertext_coefficient_340(vector); +static __m256i compress_ea_dc0(__m256i vector) { + return compress_ciphertext_coefficient_0d0(vector); } /** @@ -3095,10 +3132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_c6(re, uu____0); + compress_then_serialize_10_75(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3114,7 +3151,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa1( +static void compress_then_serialize_u_bd1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3130,7 +3167,7 @@ static void compress_then_serialize_u_fa1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_1f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3143,7 +3180,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_341(__m256i vector) { +compress_ciphertext_coefficient_0d1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3190,8 +3227,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_771(__m256i vector) { - return compress_ciphertext_coefficient_341(vector); +static __m256i compress_ea_dc1(__m256i vector) { + return compress_ciphertext_coefficient_0d1(vector); } /** 
@@ -3200,14 +3237,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_34( +static KRML_MUSTINLINE void compress_then_serialize_4_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_771(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_dc1(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3224,7 +3261,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_342(__m256i vector) { +compress_ciphertext_coefficient_0d2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3271,8 +3308,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_772(__m256i vector) { - return compress_ciphertext_coefficient_342(vector); +static __m256i compress_ea_dc2(__m256i vector) { + return compress_ciphertext_coefficient_0d2(vector); } /** 
@@ -3281,14 +3318,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_9d( +static KRML_MUSTINLINE void compress_then_serialize_5_11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_772(to_unsigned_representative_10(re.coefficients[i0])); + compress_ea_dc2(to_unsigned_representative_10(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3305,9 +3342,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_34(re, out); + compress_then_serialize_4_78(re, out); } /** @@ -3327,7 +3364,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_913( @@ -3354,7 +3391,7 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_d71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_791(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -3368,25 +3405,25 @@ static void encrypt_921(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7c1(A, r_as_ntt, error_1, u); + compute_vector_u_d21(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_391(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c1(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa1( + compress_then_serialize_u_bd1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_9a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3430,7 +3467,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_961( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -3444,7 +3481,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3458,17 +3495,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_d21( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_921(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_801(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -3489,7 +3526,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_a8(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_20(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { 
@@ -3510,7 +3547,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_de1( +static KRML_MUSTINLINE void deserialize_secret_key_a11( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3527,7 +3564,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3552,7 +3589,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b(__m256i vector) { +decompress_ciphertext_coefficient_c5(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3596,8 +3633,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_d6(__m256i vector) { - return decompress_ciphertext_coefficient_7b(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff(__m256i vector) { + return decompress_ciphertext_coefficient_c5(vector); } /** @@ -3607,7 +3644,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_5a(Eurydice_slice serialized) { +deserialize_then_decompress_10_4b(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { 
@@ -3615,7 +3652,7 @@ deserialize_then_decompress_10_5a(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff(coefficient); } return re; } @@ -3627,7 +3664,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b0(__m256i vector) { +decompress_ciphertext_coefficient_c50(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3671,8 +3708,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_d60(__m256i vector) { - return decompress_ciphertext_coefficient_7b0(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff0(__m256i vector) { + return decompress_ciphertext_coefficient_c50(vector); } /** @@ -3682,7 +3719,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_14(Eurydice_slice serialized) { +deserialize_then_decompress_11_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { 
@@ -3690,7 +3727,7 @@ deserialize_then_decompress_11_14(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff0(coefficient); } return re; } @@ -3702,8 +3739,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a9(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5a(serialized); +deserialize_then_decompress_ring_element_u_df(Eurydice_slice serialized) { + return deserialize_then_decompress_10_4b(serialized); } /** @@ -3712,7 +3749,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_40( +static KRML_MUSTINLINE void ntt_vector_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); @@ -3737,7 +3774,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_721( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; 
@@ -3760,8 +3797,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); + ntt_vector_u_51(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3775,7 +3812,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b1(__m256i vector) { +decompress_ciphertext_coefficient_c51(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3819,8 +3856,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_d61(__m256i vector) { - return decompress_ciphertext_coefficient_7b1(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff1(__m256i vector) { + return decompress_ciphertext_coefficient_c51(vector); } /** @@ -3830,7 +3867,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_2d(Eurydice_slice serialized) { +deserialize_then_decompress_4_0e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { 
@@ -3838,7 +3875,7 @@ deserialize_then_decompress_4_2d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_ff1(coefficient); } return re; } @@ -3850,7 +3887,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_7b2(__m256i vector) { +decompress_ciphertext_coefficient_c52(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3894,8 +3931,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_d62(__m256i vector) { - return decompress_ciphertext_coefficient_7b2(vector); +static __m256i decompress_ciphertext_coefficient_ea_ff2(__m256i vector) { + return decompress_ciphertext_coefficient_c52(vector); } /** @@ -3905,7 +3942,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_6e(Eurydice_slice serialized) { +deserialize_then_decompress_5_a2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_e4(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -3914,7 +3951,7 @@ deserialize_then_decompress_5_6e(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_ff2(re.coefficients[i0]); } return re; } 
@@ -3926,8 +3963,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_25(Eurydice_slice serialized) { - return deserialize_then_decompress_4_2d(serialized); +deserialize_then_decompress_ring_element_v_e8(Eurydice_slice serialized) { + return deserialize_then_decompress_4_0e(serialized); } /** @@ -3941,7 +3978,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_01(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_74(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3969,7 +4006,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c1( +compute_message_221( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -3978,8 +4015,8 @@ compute_message_0c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c1(&result, &product);); - invert_ntt_montgomery_781(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d1(&result); + result = subtract_reduce_89_74(v, result); return result; } 
@@ -3989,7 +4026,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2d( +static KRML_MUSTINLINE void compress_then_serialize_message_30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4041,18 +4078,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_001(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_891(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_c11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_721(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_e8( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4066,10 +4103,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_de1(secret_key, secret_as_ntt); + deserialize_secret_key_a11(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4080,7 +4117,7 @@ static void decrypt_051(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_001(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4132,7 +4169,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_421( +void libcrux_ml_kem_ind_cca_decapsulate_141( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4150,7 +4187,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_051(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -4172,7 +4209,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4182,7 +4219,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_921(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_bd1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_801(Eurydice_array_to_slice( @@ -4192,7 +4229,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_421( kdf_d8_801(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_f10(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,6 +4339,13 @@ static KRML_MUSTINLINE void serialize_public_key_590( memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4327,6 +4371,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a0(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d0( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_a9_a10(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, + (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} 
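Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_1d0` cites two different sections for what reads as one list of checks: the hash check is "7.3 3", but the private-key and ciphertext size checks are "7.2 1 and 2", the numbers the public-key comment added earlier in this diff already uses for the public-key checks. Presumably the second reference should also be 7.3, i.e. `Note that the size checks in 7.3 1 and 2 are covered by ...`; the same text is repeated in the K= 2 instance `libcrux_ml_kem_ind_cca_validate_private_key_1d` later in the diff. The body compares the recomputed hash with the stored one through the generic `core_array_equality_..._eq` helper rather than the constant-time comparison that decapsulation uses. Both operands appear to come from the public-key portion of `private_key->value`, so this is likely acceptable, but a one-line comment saying the comparison is deliberately not constant-time would save the next auditor the question. Because this file is extracted C, both changes belong in the Rust source it is generated from.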
@@ -5032,19 +5119,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fd0( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -5220,7 +5294,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_d70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_790(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_e4();); 
@@ -5276,17 +5350,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_780( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -5299,7 +5373,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7c0( +static KRML_MUSTINLINE void compute_vector_u_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -5329,8 +5403,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c0( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c0(&result[i1], &product); } - invert_ntt_montgomery_780(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d0(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -5347,7 +5421,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_390( +compute_ring_element_v_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5357,8 +5431,8 @@ compute_ring_element_v_390( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d0(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -5368,14 +5442,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_780( +static KRML_MUSTINLINE void compress_then_serialize_11_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_770(to_unsigned_representative_10(re->coefficients[i0])); + compress_ea_dc0(to_unsigned_representative_10(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -5393,10 +5467,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_780(re, uu____0); + compress_then_serialize_11_0e0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5412,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_fa0( +static void compress_then_serialize_u_bd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5428,7 +5502,7 @@ static void compress_then_serialize_u_fa0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_f80(&re, ret); + compress_then_serialize_ring_element_u_1f0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5441,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d00( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_9d(re, out); + compress_then_serialize_5_11(re, out); } /** 
@@ -5463,7 +5537,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_911( @@ -5490,7 +5564,7 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_d70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_790(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -5504,25 +5578,25 @@ static void encrypt_920(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7c0(A, r_as_ntt, error_1, u); + compute_vector_u_d20(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_390(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c0(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa0( + compress_then_serialize_u_bd0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d00( + compress_then_serialize_ring_element_v_9a0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5566,7 +5640,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_960( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -5580,7 +5654,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( size_t); uint8_t ret[32U]; H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5594,17 +5668,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_d20( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_920(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_800(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -5627,7 +5701,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_de0( +static KRML_MUSTINLINE void deserialize_secret_key_a10( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; 
@@ -5644,7 +5718,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5669,8 +5743,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a90(Eurydice_slice serialized) { - return deserialize_then_decompress_11_14(serialized); +deserialize_then_decompress_ring_element_u_df0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ec(serialized); } /** @@ -5679,7 +5753,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_400( +static KRML_MUSTINLINE void ntt_vector_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U); @@ -5704,7 +5778,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_720( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -5727,8 +5801,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a90(u_bytes); - ntt_vector_u_400(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df0(u_bytes); + ntt_vector_u_510(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -5742,8 +5816,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_250(Eurydice_slice serialized) { - return deserialize_then_decompress_5_6e(serialized); +deserialize_then_decompress_ring_element_v_e80(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a2(serialized); } /** @@ -5759,7 +5833,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c0( +compute_message_220( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -5768,8 +5842,8 @@ compute_message_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c0(&result, &product);); - invert_ntt_montgomery_780(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d0(&result); + result = subtract_reduce_89_74(v, result); return result; } 
@@ -5807,18 +5881,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_000(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_890(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_c10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_720(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_250( + deserialize_then_decompress_ring_element_v_e80( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5832,10 +5906,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_de0(secret_key, secret_as_ntt); + deserialize_secret_key_a10(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -5846,7 +5920,7 @@ static void decrypt_050(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_000(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5886,7 +5960,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_420( +void libcrux_ml_kem_ind_cca_decapsulate_140( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5905,7 +5979,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_050(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5927,7 +6001,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), 
@@ -5937,7 +6011,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_920(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_bd0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_800(Eurydice_array_to_slice( @@ -5947,7 +6021,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_420( kdf_d8_800(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_f11(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6057,6 +6131,13 @@ static KRML_MUSTINLINE void serialize_public_key_59( memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6082,6 +6163,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_0a(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_1d( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { + uint8_t t[32U]; + H_a9_a1(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, + (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} 
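Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_1d` cites two different sections: it places the hash check in "7.3 3" but the size checks in "7.2 1 and 2", while the public-key comment added earlier in this file uses 7.2 for the encapsulation-key checks, so the second reference presumably should read `Note that the size checks in 7.3 1 and 2 are covered by ...`. The comment could also state that the function only hashes bytes 384*K to 768*K+32 of the private key (what appears to be the embedded public key) and compares the result with the following 32 bytes, that `_ciphertext` is not read at run time, and that the caller has to act on the `bool` result before decapsulating. The comparison uses the general array equality rather than the `constant_time_ops` helpers seen in decapsulate; that looks acceptable because both sides derive from public-key bytes, but the comment should say so. Since this file is extracted, the wording belongs in the Rust source; the identical comment is in the `libcrux_ml_kem_ind_cca_validate_private_key_77` hunk of libcrux_mlkem_portable.c.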
@@ -6780,19 +6904,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fd( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - /** Serialize the secret key. */ @@ -7014,7 +7125,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_d7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_79(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_e4();); 
@@ -7070,17 +7181,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_78( +static KRML_MUSTINLINE void invert_ntt_montgomery_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_64(&zeta_i, re); - invert_ntt_at_layer_2_c0(&zeta_i, re); - invert_ntt_at_layer_3_da(&zeta_i, re); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ad(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_80(&zeta_i, re); + invert_ntt_at_layer_3_c5(&zeta_i, re); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_25(re); } @@ -7093,7 +7204,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7c( +static KRML_MUSTINLINE void compute_vector_u_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -7123,8 +7234,8 @@ static KRML_MUSTINLINE void compute_vector_u_7c( ntt_multiply_89_91(a_element, &r_as_ntt[j]); add_to_ring_element_89_1c(&result[i1], &product); } - invert_ntt_montgomery_78(&result[i1]); - add_error_reduce_89_da(&result[i1], &error_1[i1]); + invert_ntt_montgomery_0d(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -7141,7 +7252,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_39( +compute_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7151,8 +7262,8 @@ compute_ring_element_v_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = add_message_error_reduce_89_f9(error_2, message, result); + invert_ntt_montgomery_0d(&result); + result = add_message_error_reduce_89_57(error_2, message, result); return result; } @@ -7168,7 +7279,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fa( +static void compress_then_serialize_u_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7184,7 +7295,7 @@ static void compress_then_serialize_u_fa( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f8(&re, ret); + compress_then_serialize_ring_element_u_1f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7207,7 +7318,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_91( 
@@ -7234,7 +7345,7 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_d7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_79(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7248,25 +7359,25 @@ static void encrypt_92(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_5d0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7c(A, r_as_ntt, error_1, u); + compute_vector_u_d2(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_53(copy_of_message); + deserialize_then_decompress_message_71(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_39(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3c(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fa( + compress_then_serialize_u_bd( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d0( + compress_then_serialize_ring_element_v_9a( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); 
@@ -7310,7 +7421,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_96( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -7324,7 +7435,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7338,17 +7449,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_d2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_92(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_bd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_80(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; 
@@ -7371,7 +7482,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_de( +static KRML_MUSTINLINE void deserialize_secret_key_a1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -7388,7 +7499,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_de( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_a8(secret_bytes); + deserialize_to_uncompressed_ring_element_20(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7418,7 +7529,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_72( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -7441,8 +7552,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a9(u_bytes); - ntt_vector_u_40(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_df(u_bytes); + ntt_vector_u_51(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7462,7 +7573,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_0c( +compute_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { 
@@ -7471,8 +7582,8 @@ compute_message_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_91(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_1c(&result, &product);); - invert_ntt_montgomery_78(&result); - result = subtract_reduce_89_01(v, result); + invert_ntt_montgomery_0d(&result); + result = subtract_reduce_89_74(v, result); return result; } @@ -7510,18 +7621,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_00(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_89(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_72(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_25( + deserialize_then_decompress_ring_element_v_e8( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_0c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); + compress_then_serialize_message_30(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7535,10 +7646,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_de(secret_key, secret_as_ntt); + deserialize_secret_key_a1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7549,7 +7660,7 @@ static void decrypt_05(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7589,7 +7700,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_42( +void libcrux_ml_kem_ind_cca_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7607,7 +7718,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_05(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -7629,7 +7740,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7639,7 +7750,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_92(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_bd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_80(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -7648,7 +7759,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_42( kdf_d8_80(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_f1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index de251e8eb..22a8cbb66 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4c13b8d96..322b96f9b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -2462,6 +2462,13 @@ static KRML_MUSTINLINE void serialize_public_key_791( memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2487,6 +2494,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CIPHERTEXT_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_77( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_f1_1a1(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, + (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} 
@@ -3639,19 +3689,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -3828,7 +3865,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_c71(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_ea();); @@ -3896,7 +3933,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_d2( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3920,7 +3957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_90( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -3940,7 +3977,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_f9( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_6f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3960,7 +3997,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3980,7 +4017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_7f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3995,7 +4032,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_bb( + inv_ntt_layer_int_vec_step_reduce_2c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4012,17 +4049,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( +static KRML_MUSTINLINE void invert_ntt_montgomery_d11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -4036,7 +4073,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_af( +static KRML_MUSTINLINE void add_error_reduce_89_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4063,7 +4100,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_891( +static KRML_MUSTINLINE void compute_vector_u_671( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, 
@@ -4093,8 +4130,8 @@ static KRML_MUSTINLINE void compute_vector_u_891( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_841(&result[i1], &product); } - invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d11(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4108,7 +4145,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_cd(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4122,7 +4159,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { +deserialize_then_decompress_message_a4(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4133,7 +4170,7 @@ deserialize_then_decompress_message_cd(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5d0(coefficient_compressed); + decompress_1_cd(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4149,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_63( +add_message_error_reduce_89_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -4182,7 +4219,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca1( +compute_ring_element_v_421( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4192,8 +4229,8 @@ compute_ring_element_v_ca1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d11(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -4267,7 +4304,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_880( +static KRML_MUSTINLINE void compress_then_serialize_11_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4292,10 +4329,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_890( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_190( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_880(re, uu____0); + compress_then_serialize_11_fc0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } 
@@ -4311,7 +4348,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_141( +static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4327,7 +4364,7 @@ static void compress_then_serialize_u_141( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_890(&re, ret); + compress_then_serialize_ring_element_u_190(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4371,7 +4408,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_3c( +static KRML_MUSTINLINE void compress_then_serialize_4_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4426,7 +4463,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_00( +static KRML_MUSTINLINE void compress_then_serialize_5_fa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4450,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_870( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_00(re, out); + compress_then_serialize_5_fa(re, out); } /** 
@@ -4473,7 +4510,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_0c3( @@ -4500,7 +4537,7 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_c71(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4514,25 +4551,25 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_891(A, r_as_ntt, error_1, u); + compute_vector_u_671(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca1(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_421(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_141( + compress_then_serialize_u_841( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_870( + compress_then_serialize_ring_element_v_7c0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4576,7 +4613,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_0b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -4590,7 +4627,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4604,17 +4641,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f11(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_5c1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a91(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_5f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -4635,7 +4672,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_8c(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { 
@@ -4658,7 +4695,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_411( +static KRML_MUSTINLINE void deserialize_secret_key_a81( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4675,7 +4712,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_411( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4737,7 +4774,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_0a(Eurydice_slice serialized) { +deserialize_then_decompress_10_ee(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -4797,7 +4834,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_20(Eurydice_slice serialized) { +deserialize_then_decompress_11_e6(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { 
@@ -4820,8 +4857,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { - return deserialize_then_decompress_11_20(serialized); +deserialize_then_decompress_ring_element_u_3d0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_e6(serialized); } /** @@ -4830,7 +4867,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_540( +static KRML_MUSTINLINE void ntt_vector_u_8a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); @@ -4855,7 +4892,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4878,8 +4915,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); - ntt_vector_u_540(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d0(u_bytes); + ntt_vector_u_8a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -4930,7 +4967,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_37(Eurydice_slice serialized) { +deserialize_then_decompress_4_22(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4990,7 +5027,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_60(Eurydice_slice serialized) { +deserialize_then_decompress_5_6c(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_ea(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5013,8 +5050,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_010(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); +deserialize_then_decompress_ring_element_v_2b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_6c(serialized); } /** @@ -5028,7 +5065,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_a2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_6b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -5059,7 +5096,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e71( +compute_message_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5068,8 +5105,8 @@ compute_message_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_841(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d11(&result); + result = subtract_reduce_89_6b(v, result); return result; } @@ -5079,7 +5116,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_1b( +static KRML_MUSTINLINE void compress_then_serialize_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( 
@@ -5133,18 +5170,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_a01(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_691(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_010( + deserialize_then_decompress_ring_element_v_2b0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e71(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_951(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5158,10 +5195,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_411(secret_key, secret_as_ntt); + deserialize_secret_key_a81(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -5172,7 +5209,7 @@ static void decrypt_941(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a01(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_691(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5224,7 +5261,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd1( +void libcrux_ml_kem_ind_cca_decapsulate_d61( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5243,7 +5280,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_941(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5265,7 +5302,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f11(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), 
@@ -5275,7 +5312,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_5f(Eurydice_array_to_slice((size_t)32U, @@ -5285,7 +5322,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd1( kdf_d8_5f(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a61(ciphertext), + libcrux_ml_kem_types_as_ref_00_f11(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5395,6 +5432,13 @@ static KRML_MUSTINLINE void serialize_public_key_790( memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5420,6 +5464,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CIPHERTEXT_SIZE= 768 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_09( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { + uint8_t t[32U]; + H_f1_1a0(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, + (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} 
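Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_09` cites two different sections for one procedure: the hash check is given as "7.3 3" but the size checks as "7.2 1 and 2", which is the section the `validate_public_key` comment in the preceding hunk uses for the public-key checks. The second sentence should presumably read `Note that the size checks in 7.3 1 and 2 are covered by the SECRET_KEY_SIZE and CIPHERTEXT_SIZE in the private_key and ciphertext types.`; because this file is extracted, the fix belongs in the Rust doc comment it was generated from. The same text is repeated in the K=3 hunk that adds `libcrux_ml_kem_ind_cca_validate_private_key_80`. The comment should also say that the 32-byte comparison uses the generic array `eq` rather than a constant-time helper like the one called in decapsulate, and why that is acceptable here; the compared value appears to be a hash over the public-key portion of the key rather than secret material, which should be confirmed.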
@@ -6113,19 +6200,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -6334,7 +6408,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_c70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_ea();); 
@@ -6390,17 +6464,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( +static KRML_MUSTINLINE void invert_ntt_montgomery_d10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -6413,7 +6487,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_890( +static KRML_MUSTINLINE void compute_vector_u_670( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6443,8 +6517,8 @@ static KRML_MUSTINLINE void compute_vector_u_890( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_840(&result[i1], &product); } - invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d10(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -6461,7 +6535,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca0( +compute_ring_element_v_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6471,8 +6545,8 @@ compute_ring_element_v_ca0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d10(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -6482,7 +6556,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_5b( +static KRML_MUSTINLINE void compress_then_serialize_10_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -6507,10 +6581,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_89( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_5b(re, uu____0); + compress_then_serialize_10_a1(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -6526,7 +6600,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_140( +static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6542,7 +6616,7 @@ static void compress_then_serialize_u_140( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_19(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6555,9 +6629,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_87( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_3c(re, out); + compress_then_serialize_4_bf(re, out); } /** @@ -6578,7 +6652,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_0c1( @@ -6605,7 +6679,7 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_c70(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -6619,25 +6693,25 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_890(A, r_as_ntt, error_1, u); + compute_vector_u_670(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_420(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_140( + compress_then_serialize_u_840( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_7c( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6681,7 +6755,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_0b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -6695,7 +6769,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( size_t); uint8_t ret[32U]; H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6709,17 +6783,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f1(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_5c(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_a9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_14(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -6742,7 +6816,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_410( +static KRML_MUSTINLINE void deserialize_secret_key_a80( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; 
@@ -6759,7 +6833,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_410( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6784,8 +6858,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { - return deserialize_then_decompress_10_0a(serialized); +deserialize_then_decompress_ring_element_u_3d(Eurydice_slice serialized) { + return deserialize_then_decompress_10_ee(serialized); } /** @@ -6794,7 +6868,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_54( +static KRML_MUSTINLINE void ntt_vector_u_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); @@ -6819,7 +6893,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6842,8 +6916,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); + ntt_vector_u_8a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -6857,8 +6931,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_01(Eurydice_slice serialized) { - return deserialize_then_decompress_4_37(serialized); +deserialize_then_decompress_ring_element_v_2b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_22(serialized); } /** @@ -6874,7 +6948,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e70( +compute_message_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -6883,8 +6957,8 @@ compute_message_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_840(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d10(&result); + result = subtract_reduce_89_6b(v, result); return result; } 
@@ -6922,18 +6996,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a00(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_690(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_2b( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e70(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_950(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6947,10 +7021,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_410(secret_key, secret_as_ntt); + deserialize_secret_key_a80(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( 
@@ -6961,7 +7035,7 @@ static void decrypt_940(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a00(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_690(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7001,7 +7075,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd0( +void libcrux_ml_kem_ind_cca_decapsulate_d60( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7019,7 +7093,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_940(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7041,7 +7115,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), 
@@ -7051,7 +7125,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_14(Eurydice_array_to_slice((size_t)32U, @@ -7061,7 +7135,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd0( kdf_d8_14(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a6(ciphertext), + libcrux_ml_kem_types_as_ref_00_f1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7171,6 +7245,13 @@ static KRML_MUSTINLINE void serialize_public_key_79( memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7196,6 +7277,49 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::portable::PortableHash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_portable_H(input, ret); +} + +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +bool libcrux_ml_kem_ind_cca_validate_private_key_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + H_f1_1a(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} 
@@ -7878,19 +8002,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( return lit; } -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - /** Serialize the secret key. */ @@ -8067,7 +8178,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c7(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_6c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_ea();); 
@@ -8123,17 +8234,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void invert_ntt_montgomery_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d2(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_f9(&zeta_i, re); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_90(&zeta_i, re); + invert_ntt_at_layer_3_6f(&zeta_i, re); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_7f(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_8b(re); } @@ -8146,7 +8257,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_89( +static KRML_MUSTINLINE void compute_vector_u_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8176,8 +8287,8 @@ static KRML_MUSTINLINE void compute_vector_u_89( ntt_multiply_89_2a(a_element, &r_as_ntt[j]); add_to_ring_element_89_84(&result[i1], &product); } - invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_af(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d1(&result[i1]); + add_error_reduce_89_3f(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -8194,7 +8305,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ca( +compute_ring_element_v_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8204,8 +8315,8 @@ compute_ring_element_v_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_63(error_2, message, result); + invert_ntt_montgomery_d1(&result); + result = add_message_error_reduce_89_0d(error_2, message, result); return result; } @@ -8221,7 +8332,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_14( +static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8237,7 +8348,7 @@ static void compress_then_serialize_u_14( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_89(&re, ret); + compress_then_serialize_ring_element_u_19(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8261,7 +8372,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_0c( 
@@ -8288,7 +8399,7 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_c7(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_6c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8302,25 +8413,25 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_89(A, r_as_ntt, error_1, u); + compute_vector_u_67(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cd(copy_of_message); + deserialize_then_decompress_message_a4(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ca(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_42(t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_14( + compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_87( + compress_then_serialize_ring_element_v_7c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -8364,7 +8475,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_0b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -8378,7 +8489,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8392,17 +8503,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f10(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_5c0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_a90(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_d8_41(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; 
@@ -8425,7 +8536,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_41( +static KRML_MUSTINLINE void deserialize_secret_key_a8( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8442,7 +8553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_8c(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8472,7 +8583,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_0e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8495,8 +8606,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_54(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_3d(u_bytes); + ntt_vector_u_8a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8516,7 +8627,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_e7( +compute_message_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { 
@@ -8525,8 +8636,8 @@ compute_message_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_2a(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_84(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_a2(v, result); + invert_ntt_montgomery_d1(&result); + result = subtract_reduce_89_6b(v, result); return result; } @@ -8564,18 +8675,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a0(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_69(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_01( + deserialize_then_decompress_ring_element_v_2b( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_e7(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_95(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_1b(message, ret0); + compress_then_serialize_message_22(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8589,10 +8700,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_41(secret_key, secret_as_ntt); + deserialize_secret_key_a8(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8603,7 +8714,7 @@ static void decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_69(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8643,7 +8754,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_fd( +void libcrux_ml_kem_ind_cca_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8661,7 +8772,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -8683,7 +8794,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_f10(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8693,7 +8804,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_d8_41(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), @@ -8702,7 +8813,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_fd( kdf_d8_41(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_a60(ciphertext), + libcrux_ml_kem_types_as_ref_00_f10(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 842002efe..536112a56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 413cb8cfa..fb5e5ce48 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 0faa15823..98b7b6f33 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 1b23ca31d..40d622080 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1630106cf..e45c61660 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index aed8b3ad4..1ce890195 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f2144bb1f..1e59d1a80 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9a130a852767d2f8881c458e022bf35fec1f6afe + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index a38d0a5db..a05120b5f 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 +Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e +Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 +Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 4b994a998..366d716f0 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h 
@@ -95,10 +95,14 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 73953b59a..da42a20b4 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_core_H 
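Review bot: In the cg/eurydice_glue.h hunk, the new `core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq` macro forwards `a2` unchanged to `Eurydice_array_eq`, so `memcmp` reads from whatever pointer the caller hands in. The call site this patch adds in `libcrux_ml_kem_ind_cca_validate_private_key_80` (the libcrux_mlkem_portable.c hunk earlier in the patch) passes `&expected`, the address of an `Eurydice_slice`. If the c/ glue uses the same definition, which is not visible here, the 32-byte hash is compared against the slice header instead of the stored hash bytes, and the read can run past the struct. The slice variant should dereference the slice first, e.g. `Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _)`, assuming the data pointer field is called `ptr` (the struct definition is outside the hunk). A test that validates a freshly generated private key, and rejects one whose stored public-key hash has been altered, would pin this down.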
@@ -187,25 +187,6 @@ typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice snd[4U]; } Eurydice_slice_uint8_t_4size_t__x2; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct Option_92_s { - Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} Option_92; - typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; @@ -226,6 +207,15 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_1d( return self->value; } +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemPublicKey)#14} @@ -352,7 +342,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_31(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_9f(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -372,7 +362,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_26( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_50( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } 
@@ -424,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_24( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index dc53c7231..cf84953dc 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index bf0c5a47d..5a6bd84e2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1240,7 +1240,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_cc(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_2a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -1276,7 +1276,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1323,7 +1323,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_0b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } 
@@ -1335,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_27( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f2( vector); } @@ -1401,7 +1401,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_73( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_15( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e3( coefficient); } return re; 
@@ -1426,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_270( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f20( vector); } @@ -1492,7 +1492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_db( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_150( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e30( coefficient); } return re; 
@@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4a(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_73(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1682,7 +1682,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_27(&zeta_i, re, (size_t)7U, @@ -1713,7 +1713,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5b( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_41( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_9d(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_0f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -1755,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_271( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f21( vector); } @@ -1821,7 +1821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_96( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_52( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_96( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_151( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e31( coefficient); } return re; 
@@ -1846,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_272( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f22( vector); } @@ -1912,7 +1912,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_72( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_b5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); @@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_72( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_152( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_e32( re.coefficients[i0]); } return re; 
@@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_96(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_52(serialized); } /** @@ -2042,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -2113,7 +2113,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2132,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_92( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_7e( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2165,20 +2165,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_31(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_7c(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3a(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a5(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_d3(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_25(re); } @@ -2195,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_3e( +libcrux_ml_kem_polynomial_subtract_reduce_89_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; 
@@ -2225,7 +2225,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_bf( +libcrux_ml_kem_matrix_compute_message_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2238,8 +2238,8 @@ libcrux_ml_kem_matrix_compute_message_bf( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_3e(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_76(v, result); return result; } @@ -2250,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2264,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_94( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_ac(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_86(vector); } /** 
@@ -2278,7 +2278,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_10(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_94(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8e(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,7 +2292,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_0c( +libcrux_ml_kem_serialize_compress_then_serialize_message_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -2347,20 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c4(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_19( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_bf(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_0c(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_56(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_51(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_3d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_56(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ea(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_65(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3350,7 +3350,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_1a(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -3367,7 +3367,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3445,7 +3445,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_f2(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_e4(); } @@ -3460,7 +3460,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; 
@@ -3485,7 +3485,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3517,8 +3517,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_5c( libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_8a(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_07(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3532,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_ed(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_f9(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,7 +3547,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_e4(); 
@@ -3558,7 +3558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_ed(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f9(coefficient_compressed); } return re; } @@ -3575,7 +3575,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3606,7 +3606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_d2( +libcrux_ml_kem_matrix_compute_ring_element_v_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3620,8 +3620,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_d2( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_1c(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f8(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_80( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cd(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_f9( error_2, message, result); return result; } 
@@ -3634,7 +3634,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3689,9 +3689,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_73( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_63( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_21( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e( vector); } @@ -3703,13 +3703,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_eb( +libcrux_ml_kem_serialize_compress_then_serialize_10_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_73( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_63( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3730,7 +3730,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -3785,9 +3785,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_730( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_630( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_210( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e0( vector); } @@ -3799,13 +3799,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_01( +libcrux_ml_kem_serialize_compress_then_serialize_11_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_730( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_630( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3827,10 +3827,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_eb(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_69(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3847,7 +3847,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3863,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f1(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3878,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3933,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_731( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_631( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_211( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e1( vector); } 
@@ -3947,13 +3947,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f0( +libcrux_ml_kem_serialize_compress_then_serialize_4_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_731( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_631( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3973,7 +3973,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4028,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_732( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_632( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_212( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7e2( vector); } 
@@ -4042,13 +4042,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_ed( +libcrux_ml_kem_serialize_compress_then_serialize_5_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_732( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_632( libcrux_ml_kem_vector_traits_to_unsigned_representative_10( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4069,9 +4069,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f0(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e8(re, out); } /** @@ -4092,7 +4092,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_9b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { 
@@ -4121,7 +4121,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_96( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_24( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( 
@@ -4136,26 +4136,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cb(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_5d( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_5c(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_cd(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_d2( + libcrux_ml_kem_matrix_compute_ring_element_v_bb( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_61( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_33( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_9e( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_de( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -4205,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4247,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4258,7 +4258,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_80( 
@@ -4269,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e5( libcrux_ml_kem_variant_kdf_d8_80(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_701(private_key, ciphertext, ret); } /** @@ -4319,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_32(private_key, ciphertext, ret); } @@ -4377,7 +4377,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -4392,7 +4392,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4407,18 +4407,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_51( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_80(shared_secret, &ciphertext0, shared_secret_array); 
@@ -4452,14 +4452,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_51(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8b(uu____0, copy_of_randomness); } /** @@ -4477,7 +4477,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_41( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_61( uu____0, copy_of_randomness); } @@ -4908,7 +4908,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -4925,7 +4925,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c6( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( copy_of_randomness); } 
@@ -4986,7 +4986,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_702( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,7 +5004,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_56(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5028,7 +5028,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5039,7 +5039,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_62( 
@@ -5050,7 +5050,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_e50( libcrux_ml_kem_variant_kdf_33_62(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5084,10 +5084,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_702(private_key, ciphertext, ret); } /** @@ -5101,7 +5101,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f4( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_84( private_key, ciphertext, ret); } @@ -5141,7 +5141,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8b0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -5156,7 +5156,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5171,18 +5171,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_510( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_9b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_62(shared_secret, &ciphertext0, shared_secret_array); 
@@ -5219,14 +5219,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_510(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8b0(uu____0, copy_of_randomness); } /** @@ -5244,7 +5244,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_9d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7b( uu____0, copy_of_randomness); } @@ -5414,7 +5414,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; 
@@ -5431,10 +5431,75 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_e9( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_d1( copy_of_randomness); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_46( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool 
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c( + private_key, ciphertext); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -5491,6 +5556,13 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f40( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5530,8 +5602,8 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); } 
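Review bot: The doc comments on the new private-key validation functions do not match the code: the block above `libcrux_ml_kem_ind_cca_validate_private_key_46` describes the hash check of 7.3 but attributes the size checks to "7.2 1 and 2" (presumably 7.3 is meant, since it names the `private_key` and `ciphertext` types), and the AVX2 instantiation `libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_2c` is labelled `Portable private key validation`. The `_ciphertext` argument is never read, so the public wrapper's `Returns true if valid` should say that only the hash embedded in the key is checked and that the ciphertext is covered by its type alone. The comparison uses ordinary array equality rather than the constant-time helper; both operands appear to be derived from the public-key part of the private key, so a one-line comment such as `/* H(ek) is public: a variable-time compare is acceptable here */` would record that this is deliberate. As the file is generated, these comments would have to be changed in the Rust source.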
@@ -5539,19 +5611,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_4d( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); - } - return uu____0; +static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( + public_key->value); } /** diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 4e5fff02c..4c72badfc 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_mlkem768_portable_H 
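Review bot: The new `bool` return of `libcrux_ml_kem_mlkem768_avx2_validate_public_key` can be silently ignored by a caller, whereas the removed `Option_92` version handed the key back only on success. The doc comment should state the obligation, for example ` Callers must check the result before using the key for encapsulation.`, and, if the toolchain allows it, the declaration could carry a must-check attribute such as `__attribute__((warn_unused_result))`. The function now dereferences `public_key->value` without a check, so the comment should also say that the pointer must be non-NULL. As the file is generated, both changes would have to be made in the Rust source or the extraction glue.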
@@ -2454,7 +2454,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_36(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_6b(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -2465,7 +2465,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2490,7 +2490,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_24( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2508,7 +2508,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8b( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2536,7 +2536,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_58(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_7c(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } 
@@ -2585,7 +2585,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_07( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2649,7 +2649,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_8b( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_8d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -2675,9 +2675,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_07(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2c(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2845,7 +2845,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_55( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, 
@@ -2875,7 +2875,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2900,9 +2900,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ab( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_34( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_55(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_9f(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2954,7 +2954,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); @@ -3018,7 +3018,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_65( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); 
@@ -3044,9 +3044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_57(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_41(serialized); } /** @@ -3152,7 +3152,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -3222,7 +3222,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3243,7 +3243,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3258,7 +3258,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_de( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_65( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3275,20 +3275,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_f7(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_44(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c3(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_68(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_33(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6e(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_8b(re); } @@ -3304,7 +3304,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_97( +libcrux_ml_kem_polynomial_subtract_reduce_89_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; 
@@ -3336,7 +3336,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_97( +libcrux_ml_kem_matrix_compute_message_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3349,8 +3349,8 @@ libcrux_ml_kem_matrix_compute_message_97( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_97(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_d4(v, result); return result; } @@ -3409,7 +3409,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_25( +libcrux_ml_kem_serialize_compress_then_serialize_message_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -3465,20 +3465,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2a(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f4(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b6( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_56( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_97(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b3(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_25(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_aa(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3492,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_49(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_43(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e7(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_24(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -3508,7 +3508,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_49(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b5(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4434,7 +4434,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_f4(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_77(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -4451,7 +4451,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4526,7 +4526,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_23(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_d6(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_ea(); } @@ -4540,7 +4540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_38( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -4567,7 +4567,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4599,8 +4599,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_3a( libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_97(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_38(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4614,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_3b( +libcrux_ml_kem_vector_traits_decompress_1_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,7 +4629,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_ea(); 
@@ -4642,7 +4642,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_3b(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_63(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4659,7 +4659,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4692,7 +4692,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_24( +libcrux_ml_kem_matrix_compute_ring_element_v_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4706,8 +4706,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_24( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_84(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_cb(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_f6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_ea( error_2, message, result); return result; } 
@@ -4753,7 +4753,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_8b( +libcrux_ml_kem_serialize_compress_then_serialize_10_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4814,7 +4814,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4842,10 +4842,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_fc(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4861,7 +4861,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; 
@@ -4877,7 +4877,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_60(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_5f(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4925,7 +4925,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4985,7 +4985,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_73( +libcrux_ml_kem_serialize_compress_then_serialize_5_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5012,9 +5012,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_9a(re, out); } /** @@ -5035,7 +5035,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { 
@@ -5064,7 +5064,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d5( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_ac( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( 
@@ -5079,26 +5079,26 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ff(Eurydice_slice public_key, libcrux_ml_kem_sampling_sample_from_binomial_distribution_c6( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_3a(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_59(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_63( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_0d( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_24( + libcrux_ml_kem_matrix_compute_ring_element_v_54( t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c3( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a7( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_5b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); 
@@ -5146,7 +5146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_da( +static inline void libcrux_ml_kem_ind_cca_decapsulate_70( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,7 +5164,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5188,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5199,7 +5199,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_d8_41( 
@@ -5210,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da( libcrux_ml_kem_variant_kdf_d8_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5243,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_da(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_70(private_key, ciphertext, ret); } /** @@ -5259,7 +5259,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_62( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_2e( private_key, ciphertext, ret); } @@ -5314,7 +5314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; 
@@ -5329,7 +5329,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5344,18 +5344,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b5( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_d8_41(shared_secret, &ciphertext0, shared_secret_array); 
@@ -5388,14 +5388,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b5(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cd(uu____0, copy_of_randomness); } /** @@ -5412,7 +5412,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_9c( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_c6( uu____0, copy_of_randomness); } @@ -5911,7 +5911,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_700( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( 
@@ -5929,7 +5929,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_49(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_43(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5953,7 +5953,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_24(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5964,7 +5964,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_variant_kdf_33_f0( @@ -5975,7 +5975,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_da0( libcrux_ml_kem_variant_kdf_33_f0(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_24(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -6009,10 +6009,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_da0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_700(private_key, ciphertext, ret); } /** @@ -6025,7 +6025,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_10( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_fc( private_key, ciphertext, ret); } @@ -6063,7 +6063,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_cd0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; @@ -6078,7 +6078,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_26(public_key), + libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t), ret); Eurydice_slice_copy( 
@@ -6093,18 +6093,18 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b50( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_26(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ff(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_31(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_variant_kdf_33_f0(shared_secret, &ciphertext0, shared_secret_array); @@ -6141,14 +6141,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_b50(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_cd0(uu____0, copy_of_randomness); } /** 
@@ -6165,7 +6165,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7a( uu____0, copy_of_randomness); } 
@@ -6352,6 +6352,68 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( copy_of_randomness); } +/** + Validate an ML-KEM private key. + + This implements the Hash check in 7.3 3. + Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` + and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e7( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { + uint8_t t[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_1a( + Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, + uint8_t), + t); + Eurydice_slice expected = Eurydice_array_to_subslice2( + private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, + (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); + return core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( + (size_t)32U, t, &expected, uint8_t, uint8_t, bool); +} + +/** + Portable private key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_e7(private_key, + ciphertext); +} + +/** + Validate a private key. + + Returns `true` if valid, and `false` otherwise. 
+*/ +static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_9c( + private_key, ciphertext); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types @@ -6406,6 +6468,13 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_330( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Validate an ML-KEM public key. + + This implements the Modulus check in 7.2 2. + Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the + `public_key` type. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6443,7 +6512,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static inline bool +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); 
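Review bot: The doc comment added above `libcrux_ml_kem_ind_cca_validate_private_key_e7` cites "the size checks in 7.2 1 and 2" for the secret-key and ciphertext sizes, yet it places the hash check in 7.3, and the public-key comment added further down uses 7.2 for the public-key checks. It probably should read `Note that the size checks in 7.3 1 and 2 are covered by ...`. The `_ciphertext` argument is never read in the body, and the public wrapper `libcrux_ml_kem_mlkem768_portable_validate_private_key` documents only "Validate a private key", so a caller could assume the ciphertext is inspected as well. I would add `The ciphertext is not examined; it is taken only so that its type fixes CIPHERTEXT_SIZE.` to the wrapper's comment. As the commit title marks this as extracted C, both wording changes belong in the Rust source the comments come from.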
@@ -6452,18 +6521,12 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( /** Validate a public key. - Returns `Some(public_key)` if valid, and `None` otherwise. + Returns `true` if valid, and `false` otherwise. */ -static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); - } - return uu____0; +static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_4b( + public_key->value); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 1dc4635ed..6ed704984 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3e8e953d8..12650f0f8 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h 
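Review bot: `libcrux_ml_kem_mlkem768_portable_validate_public_key` now returns a bare `bool`, where it used to return an `Option_92` that held the key only when it was valid, so nothing in the signature makes a caller look at the result before using the key. The comment should state the obligation, for example `Returns true if valid, and false otherwise. The result must be checked before the key is passed to encapsulate.` Whether encapsulate repeats the modulus check itself cannot be told from the visible hunks. Callers that took the key out of the returned option have to be changed to branch on the boolean. As this is extracted C, the wording change belongs in the Rust source.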
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * Charon: 3f39fa18bb6efe2199d17b8f79b10d4127d24289 + * Eurydice: cd5c9e55b3c032977eccf22edd8a91b4b02e338e + * Karamel: 2dfc25438318f1d832ad6d2d2b595cb870466fc3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 7d3aa4de53d928af9db06c189a774877d4472c45 + * Libcrux: 919a6a57fe3548db83f6416d540116c2c8a9f2c1 */ #ifndef __libcrux_sha3_portable_H